Authentication using LDAP for 802.1x

Phil Mayers p.mayers at
Wed Jun 19 15:00:23 CEST 2013

On 19/06/13 13:11, Marco Streich wrote:

> When I run radtest from my laptop, the authentication is successful:

radtest does not send eap. Download the wpa_supplicant sources and 
compile eapol_test to test EAP.

> WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?

This suggests your LDAP server does not contain, or is not returning, 
password info. So auth would probably have failed...

> [ttls] eaptls_verify returned 11
> [ttls] <<< TLS 1.0 Alert [length 0002], warning close_notify
> TLS Alert read:warning:close notify
> [ttls] WARNING: No data inside of the tunnel.

...except it never gets as far as the inner tunnel because the client 
drops the EAP session. Most likely the client doesn't trust the server cert.

More information about the Freeradius-Users mailing list