more EAP/TTLS trouble
Aman Arneja
arneja.aman at gmail.com
Tue May 29 22:41:38 CEST 2012
Steve
Windows is trying to validate the server Cert. By default we have server
Cert Validation enabled. You can disable this from the properties.
Regards
Aman Arneja
On Wed, May 30, 2012 at 1:47 AM, Steve Hopps <steve.hopps at gmail.com> wrote:
> The only computer in our office which causes certificate errors is a
> Windows 7 machine. So I attempted to connect using EAP/TTLS and
> MSCHAPv2 using my Linux machine and my Android phone. Now I get a
> different error.
>
> I also tried using PEAP on my Android phone, and received no
> certificate errors. What could the Windows machine be doing differently?
> Why does the machine even enter the picture when the authentication is
> between the Access Point and the server?
>
> Below is the portion of the log which shows the rejection, when using
> my Android phone, TTLS and MSCHAPv2 (that is what Windows uses, isn't
> it?) Where I am confused is near the bottom, what is causing the
> rejection?
>
> ++[pam] returns invalid
>
> or
>
> [eap] Handler failed in EAP/ttls
> [eap] Failed in EAP select
> ++[eap] returns invalid
>
> log follows----
>
> server inner-tunnel {
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authorize {...}
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "test", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> [files] users: Matched entry DEFAULT at line 222
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!
> Cancelling invalid proxy request.
> Found Auth-Type = PAM
> # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authenticate {...}
> rlm_pam: Attribute "User-Password" is required for authentication.
> ++[pam] returns invalid
> Failed to authenticate the user.
> Login incorrect: [test] (from client -REMOVED- port 0 via TLS tunnel)
> } # server inner-tunnel
> [ttls] Got tunneled reply code 3
> [ttls] Got tunneled Access-Reject
> [eap] Handler failed in EAP/ttls
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Login incorrect: [test] (from client -REMOVED- port 0 cli
> B4-07-F9-F2-99-F6)
> Using Post-Auth-Type Reject
>
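Added example, not part of the original thread and not FreeRADIUS code: a small Python triage helper that walks debug output in the format quoted above and reports each module call that returned a failing code, together with the diagnostic lines printed just before it. The sample log is constructed from the quoted lines, and the `outer` label for lines outside a `server ... {` block is an assumption of this sketch.

```python
import re

# Constructed sample: debug lines in the format of the log quoted above,
# with the leading "> " mail-quote markers removed.
SAMPLE_LOG = """\
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
Found Auth-Type = PAM
+- entering group authenticate {...}
rlm_pam: Attribute "User-Password" is required for authentication.
++[pam] returns invalid
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
"""

RESULT = re.compile(r"^\++\[(?P<module>[^\]]+)\] returns (?P<code>\w+)$")
FAILING = {"invalid", "reject", "fail", "userlock"}  # codes this sketch treats as failures

def failing_modules(log_text):
    """Return (virtual_server, section, module, code, messages) per failed module call."""
    findings, pending = [], []
    server, section = "outer", None  # "outer" is this sketch's own label
    for raw in log_text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # tolerate mail quoting
        if not line:
            continue
        m = RESULT.match(line)
        if m:
            if m["code"] in FAILING:
                findings.append((server, section, m["module"], m["code"], pending))
            pending = []  # messages belong to the module result that follows them
        elif line.startswith("server ") and line.endswith("{"):
            server = line.split()[1]
        elif line.startswith("}"):
            server, section, pending = "outer", None, []
        elif (g := re.match(r"^\+- entering group (\S+)", line)):
            section = g[1]
        else:
            pending.append(line)
    return findings
```

The first finding is the innermost failure; later ones, such as the `eap` result after the tunneled Access-Reject, follow from it.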