more EAP/TTLS trouble
Steve Hopps
steve.hopps at gmail.com
Tue May 29 23:28:07 CEST 2012
But according to the configuration file:
# The "suffix" module takes care of stripping the domain
# (e.g. "@example.com") from the User-Name attribute, and the
# next few lines ensure that the request is not proxied.
#
# If you want the inner tunnel request to be proxied, delete
# the next few lines.
#
update control {
Proxy-To-Realm := LOCAL
}
So I'm confused, what's the right way to handle this situation?
On Tue, May 29, 2012 at 4:00 PM, alan buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> certificate errors. What could the windows machine be doing different?
>> Why does the machine even enter the picture when the authentication is
>> between the Access Point and the server?
>
> authentication is between the client and the server - mediated over 802.1X
> by the Access point. thats why your client has a supplicant on it..
>
>> Below is the portion of the log which shows the rejection, when using
>> my Android phone, TTLS and MSCHAPv2 (that is what Windows uses isnt
>> it?) Where I am confused is near the bottom, what is causing the
>> rejection?
>
> Win7 will be EAP-PEAPv0/MSCHAPv2
>
>> ++[pam] returns invalid
>
> user/pass in pam?
>
>> WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!
>> Cancelling invalid proxy request.
>
> thats kind of a big clue. dont do that. it breaks things. just define
> the realm in proxy.conf with no place eg
>
> realm whatever.com {
> }
>
>> rlm_pam: Attribute "User-Password" is required for authentication.
>
> you've forced the server to use PAM? MSCHAPv2 doesnt provide 'User-Password'
> so wont work.
>
> what ARE you trying to do?
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list