Cross platform secure login on wpa2

Henti Smith henti at
Wed Dec 14 17:29:04 CET 2016

Good day all.

We currently have a wpapsk wifi managed by ubiquiti unif-fi. i'm in the
process of trying to move this over to a WPA2-Enterprise setup using
kerberos as authentication.

I used Alans the guide on to get PAP and EAP
working with my current certs using a local user.

Next I used the Edoroam freeradius for auth against kerberos guide on to setup kerberos authentication.

Now this is where things go south.

With a test user in users, EAP is working fine. I can auth using

./rad_eap_test -H localhost -S testing123 -u kerberos-test -p secret -P
1812 -e PEAP -m WPA-EAP

However if I remove the local user and add "DEFAULT Auth-Type = Kerberos"
it stops working.

When I then test without EAP, using

radtest  kerberos-test secret localhost 0 testing123

It's working.

So I can get EAP working with local users, and kerberos without EAP.

What am I missing or not getting about getting them to work together to
allow users to log into the wireless with existing user/pass but encrypted ?



More information about the Freeradius-Users mailing list