test PEAP

Matthew Newton mcn4 at leicester.ac.uk
Mon Jan 19 23:37:26 CET 2015

On Mon, Jan 19, 2015 at 02:08:13PM -0800, Jim Shi wrote:
>  I try test PEAP following steps described in 
> http://www.freesoftwaremagazine.com/articles/howto_incremental_setup_freeradius_server_eap_authentications

That article is nearly 7 years old. Be careful in case anything is
out of date.

> it says to send the following to radius server:
> $ cat eapol_test.conf.peap
> network={
> eap=PEAP
> eapol_flags=0
> key_mgmt=IEEE8021X
> identity="testuser"
> password="password"
> ca_cert="/home/gcheng/myCA/cacert.pem"
> phase2="auth=MSCHAPV2"
> anonymous_identity="anonymous"
> }
> When running the test, I noticed that it sends “anonymous” user
> to the server  and the server try to authenticate user
> “anonymous” and failed.

Because you set your anonymous_identity to "anonymous".

> Any ideas what is “anonymous” here?  Do we need set up password
> for “anonymous” on the server?

No, this is the User-Name used for the outer request. The real
identity, "testuser", will be sent in the inner PEAP tunnel.

Run the server in debug mode (-X) and read the output. It will
tell you what went wrong.


Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list