more EAP/TTLS trouble

alan buxey A.L.M.Buxey at
Tue May 29 23:00:58 CEST 2012


> certificate errors. What could the windows machine be doing different?
> Why does the machine even enter the picture when the authentication is
> between the Access Point and the server?

authentication is between the client and the server - mediated over 802.1X
by the Access point. thats why your client has a supplicant on it..

> Below is the portion of the log which shows the rejection, when using
> my Android phone, TTLS and MSCHAPv2 (that is what Windows uses isnt
> it?) Where I am confused is near the bottom, what is causing the
> rejection?

Win7 will be EAP-PEAPv0/MSCHAPv2

> ++[pam] returns invalid

user/pass in pam?

> WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!
>  Cancelling invalid proxy request.

thats kind of a big clue. dont do that. it breaks things. just define
the realm in proxy.conf with no place eg

realm {

> rlm_pam: Attribute "User-Password" is required for authentication.

you've forced the server to use PAM?  MSCHAPv2 doesnt provide 'User-Password'
so wont work.

what ARE you trying to do?


More information about the Freeradius-Users mailing list