help seeing more debugging EAP-TTLS handshake

Rohan Mahy rohan.mahy at gmail.com
Fri Sep 25 15:51:37 CEST 2015


Hi Stefan,
When I used GTC it generated an additional challenge rather than just using
the user-password in the first inner access-request. No, I really want
EAP-TTLS with PAP as the inner method and my config does that for
eapol_test, Windows and Android.
My problem with the Macs is figuring out what they do not like about the
server certificate.
thanks,
-rohan
On Sep 25, 2015 05:48, "Stefan Paetow" <Stefan.Paetow at jisc.ac.uk> wrote:

> >> openssl dhparam -in dh -text -noout
> >>
> >>>                ttls {
> >>>                        default_eap_type = md5
> >>
> >> md5? really?  I'm sure you want that to be mschapv2 for your systems.
> >> don't think OSX
> >> will renegotiate.
> >>
> >
> > I need PAP inside the EAP-TTLS, because I need to proxy the PAP request
> to
> > a PAP-only RADIUS server. EAP-MD5 is actually disabled, but I found I
> still
> > need a non-TLS default_eap_type inside the ttls block. As we are not
>
> Try "gtc" as the default ttls type... that gives you generic token card,
> which when you look at the gtc { ... } stanza gives you PAP internally.
>
> GTC should also be supported by Windows... ;-)
>
> Stefan Paetow
> Moonshot Industry & Research Liaison Coordinator
