Cross platform secure login on wpa2
Matthew Newton
mcn4 at leicester.ac.uk
Wed Dec 14 17:46:15 CET 2016
On Wed, Dec 14, 2016 at 04:29:04PM +0000, Henti Smith wrote:
> Next I used the Eduroam freeradius for auth against kerberos guide on
> https://www.eduroam.us/node/90 to set up kerberos authentication.
That says use FreeRADIUS version 2. Use version 3 instead; v2 is
EOL.
> ./rad_eap_test -H localhost -S testing123 -u kerberos-test -p secret -P
> 1812 -e PEAP -m WPA-EAP
Noting that's PEAP, not TTLS.
> However if I remove the local user and add "DEFAULT Auth-Type = Kerberos"
> it stops working.
Well yes, Auth-Type in the outer isn't Kerberos, it's EAP.
Documentation everywhere says don't touch Auth-Type yourself. It
says that for a reason.
> When I then test without EAP, using
>
> radtest kerberos-test secret localhost 0 testing123
>
> It's working.
Because you set Auth-Type to Kerberos.
> What am I missing or not getting about getting them to work together to
> allow users to log into the wireless with existing user/pass but encrypted?
Don't touch Auth-Type. FreeRADIUS can generally figure it out on
its own.
And if you're then still stuck, post a full debug output from
'radiusd -X' to the list.
eapol_test from the wpasupplicant project is your friend here for
testing EAP-TTLS/PAP.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
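
A setup for the EAP-TTLS/PAP test with eapol_test that the reply recommends, as an added example that is not part of the original message. The server address, port, shared secret and test user are the ones quoted in the thread; the `anonymous` outer identity, the file name and the CA certificate path are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example: build an eapol_test profile for EAP-TTLS with PAP inside
# the tunnel, then run it against the local RADIUS server.
# Assumption: user and password contain no double quotes.

# write_ttls_pap_conf FILE USER PASSWORD CA_CERT
#   anonymous_identity is the outer identity, visible outside the tunnel.
#   identity/password are sent only inside the TLS tunnel; PAP hands the
#   server the cleartext password it needs to check against a backend.
#   ca_cert makes the client verify the server certificate before the
#   password is sent.
write_ttls_pap_conf() {
    conf=$1 user=$2 pass=$3 ca=$4
    (
        umask 077    # the profile holds a cleartext password
        cat > "$conf" <<EOF
network={
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous"
    identity="$user"
    password="$pass"
    phase2="auth=PAP"
    ca_cert="$ca"
}
EOF
    )
}

# run_ttls_pap_test FILE
#   -a/-p/-s are the RADIUS server address, port and shared secret.
#   eapol_test prints SUCCESS and exits 0 when authentication succeeds.
run_ttls_pap_test() {
    eapol_test -c "$1" -a 127.0.0.1 -p 1812 -s testing123
}

# Run as: sh ttls_pap_test.sh run
# /path/to/ca.pem is a placeholder for the CA that signed the server cert.
if [ "${1:-}" = "run" ]; then
    write_ttls_pap_conf ./ttls-pap.conf kerberos-test secret /path/to/ca.pem
    run_ttls_pap_test ./ttls-pap.conf
fi
```

Run `radiusd -X` in another terminal while the test executes to capture the full debug output the reply asks for.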