Cross platform secure login on wpa2

Henti Smith henti at
Tue Dec 20 10:27:04 CET 2016

On 19 December 2016 at 23:54, Stefan Paetow <Stefan.Paetow at>

> Hi Henti,

Hi Stefan,

> >Authentication is still not working, but at least I'm now getting krb auth
> >attempts, which fails due to 'Attribute "User-Password" is required for
> >authentication'
> Ok, that's progress.

I got it working after adding phase2 pap to the client test on the local
machine. I'm using rad_eap_test which is a wrapper around eapol_test

> >   # Linked to sub-module rlm_eap_ttls
> >   ttls {
> >    tls = "tls-common"
> >    default_eap_type = "md5"
> Hmmm, this is still set to 'md5'. I'd set this (in the
> 'mods-available/eap' file under 'ttls') to 'gtc'. That way the default is
> generic token card, not MD5.

I've updated the above and tested locally and working.

When I try to connect with an android device using

* eap method : TTLS
* Phase-2 auth : PAP

and I get :

WARNING: !! EAP session for state 0x3e833be03884222b... did not finish!
WARNING: !! Please read

Which I read and using the guide at
created new certs as I was using our wildcard certs before from

I also installed the ca cert on the android device and still getting
the same error.

I've placed the logs here :




More information about the Freeradius-Users mailing list