test PEAP
Matthew Newton
mcn4 at leicester.ac.uk
Mon Jan 19 23:37:26 CET 2015
On Mon, Jan 19, 2015 at 02:08:13PM -0800, Jim Shi wrote:
> I try test PEAP following steps described in
> http://www.freesoftwaremagazine.com/articles/howto_incremental_setup_freeradius_server_eap_authentications
That article is nearly 7 years old. Be careful in case anything is
out of date.
> it says to send the following to radius server:
>
> $ cat eapol_test.conf.peap
> network={
> eap=PEAP
> eapol_flags=0
> key_mgmt=IEEE8021X
> identity="testuser"
> password="password"
> ca_cert="/home/gcheng/myCA/cacert.pem"
> phase2="auth=MSCHAPV2"
> anonymous_identity="anonymous"
> }
>
> When running the test, I noticed that it sends “anonymous” user
> to the server and the server try to authenticate user
> “anonymous” and failed.
Because you set your anonymous_identity to "anonymous".
> Any ideas what is “anonymous” here? Do we need set up password
> for “anonymous” on the server?
No, this is the User-Name used for the outer request. The real
identity, "testuser", will be sent in the inner PEAP tunnel.
Run the server in debug mode (-X) and read the output. It will
tell you what went wrong.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list