Cross platform secure login on wpa2
Alan DeKok
aland at deployingradius.com
Mon Dec 19 16:31:28 CET 2016
On Dec 19, 2016, at 10:28 AM, Henti Smith <henti at geekware.co.za> wrote:
>
> On 15 December 2016 at 12:55, Stefan Paetow <Stefan.Paetow at jisc.ac.uk>
> wrote:
Did you read this following paragraph?
>> If you're using Kerberos as password oracle, you need to set the inner
>> tunnel authentication for EAP to PAP. If your systems require that only EAP
>> methods are used in the inner tunnel, you're probably best off using 'gtc'
>> as the inner (which means EAP-GTC, which is Generic Token Card, which is
>> PAP).
After which, you say:
> Authentication is still not working, but at least I'm now getting krb auth
> attempts, which fails due to 'Attribute "User-Password" is required for
> authentication'
Go back and read Stefan's comments. And read the debug output you posted to the list. Do you see PAP in the inner-tunnel? Or MS-CHAP?
Alan DeKok.
More information about the Freeradius-Users
mailing list