Cross platform secure login on wpa2

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Tue Dec 20 00:54:04 CET 2016


Hi Henti,

>Authentication is still not working, but at least I'm now getting krb auth
>attempts, which fails due to 'Attribute "User-Password" is required for
>authentication'

Ok, that's progress.

>   # Linked to sub-module rlm_eap_ttls
>   ttls {
>    tls = "tls-common"
>    default_eap_type = "md5"

Hmmm, this is still set to 'md5'. I'd set this (in the
'mods-available/eap' file under 'ttls') to 'gtc'. That way the default is
generic token card, not MD5.

>(7) eap_ttls: Session established.  Proceeding to decode tunneled
>attributes
>(7) eap_ttls: Got tunneled request
>(7) eap_ttls:   User-Name = "kerberos-test"
>(7) eap_ttls:   MS-CHAP-Challenge = 0xd4a73ee531a1ca517bd4666353388f89
>(7) eap_ttls:   MS-CHAP2-Response =
>0x4700a84e60c856e3f2cfa4854af16c1e0e5000000000000000004b6334e8b331c0853bc3
>9df4f0f15f5d901418e6bf7f2375
>(7) eap_ttls:   FreeRADIUS-Proxied-To = 127.0.0.1
>(7) eap_ttls: Sending tunneled request

Ummmm... Your client is sending EAP-MSCHAPv2. Set your client to ask for
GTC or PAP on the inner method. :-/

Regards

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT
No. GB 197 0632 86. Jisc's registered office is: One Castlepark, Tower
Hill, Bristol, BS2 0JA. T 0203 697 5800.
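
An added example, not part of the original message or of FreeRADIUS: a small Python check that reads `eap_ttls` debug lines like those quoted above and reports which inner method the client used and whether it delivers the `User-Password` the error message asks for. The function names and the sample log (with shortened values) are constructed for illustration.

```python
import re

# Matches '(7) eap_ttls:   User-Name = "kerberos-test"' once mail quoting is stripped.
ATTR_RE = re.compile(r"^\((\d+)\)\s+eap_ttls:\s+([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$")

# (marker attribute, inner method, does the server receive a cleartext password?)
# None = undecidable from attributes alone (inner EAP could be GTC, MD5, ...).
MARKERS = [
    ("User-Password", "PAP", True),
    ("MS-CHAP2-Response", "MSCHAPv2", False),
    ("MS-CHAP-Response", "MSCHAP", False),
    ("CHAP-Password", "CHAP", False),
    ("EAP-Message", "EAP", None),
]

def inner_methods(debug_text):
    """Return {request_id: {"user", "method", "cleartext"}} per tunneled request."""
    attrs = {}
    for raw in debug_text.splitlines():
        m = ATTR_RE.match(raw.lstrip("> \t"))
        if m:
            attrs.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip('"')
    report = {}
    for req, seen in attrs.items():
        method, cleartext = "unknown", None
        for marker, name, clear in MARKERS:
            if marker in seen:
                method, cleartext = name, clear
                break
        report[req] = {"user": seen.get("User-Name"), "method": method,
                       "cleartext": cleartext}
    return report

def usable_with_password_backend(entry):
    """True only when the inner method hands User-Password to the server."""
    return entry["cleartext"] is True

# Constructed sample in the layout of the debug output quoted above.
SAMPLE = '''\
>(7) eap_ttls: Got tunneled request
>(7) eap_ttls:   User-Name = "kerberos-test"
>(7) eap_ttls:   MS-CHAP-Challenge = 0x00
>(7) eap_ttls:   MS-CHAP2-Response =
>0x00
>(8) eap_ttls: Got tunneled request
>(8) eap_ttls:   User-Name = "kerberos-test"
>(8) eap_ttls:   User-Password = "constructed-secret"
'''
```
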


