Cross platform secure login on wpa2

Stefan Paetow Stefan.Paetow at
Tue Dec 20 12:16:06 CET 2016

> I got it working after adding phase2 pap to the client test on the local
> machine. I'm using rad_eap_test which is a wrapper around eapol_test

Ok. That *should* work.

> When I try to connect with an android device using
> * eap method : TTLS
> * Phase-2 auth : PAP
> I've placed the logs here :

For Matthew, Alan D et al who prefer raw text, try

> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge

Ok, it appears that /etc/freeradius/eap.conf sets the default EAP type to 'md5'. Change that to 'ttls', otherwise you waste time negotiating EAP types.

Looking at the log, the session never gets to the inner-tunnel... so it never gets to do the Kerberos song-and-dance. It terminates before then. 

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at
skype: stefan.paetow.janet

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

More information about the Freeradius-Users mailing list