Cross platform secure login on wpa2
Stefan Paetow
Stefan.Paetow at jisc.ac.uk
Tue Dec 20 12:16:06 CET 2016
> I got it working after adding phase2 pap to the client test on the local
> machine. I'm using rad_eap_test which is a wrapper around eapol_test
Ok. That *should* work.
> When I try to connect with an android device using
>
> * eap method : TTLS
> * Phase-2 auth : PAP
[8<]
> I've placed the logs here : https://hastebin.com/rufukabebu.sql
For Matthew, Alan D et al who prefer raw text, try https://hastebin.com/raw/rufukabebu
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
Ok, it appears that /etc/freeradius/eap.conf sets the default EAP type to 'md5'. Change that to 'ttls', otherwise you waste time negotiating EAP types.
Looking at the log, the session never gets to the inner-tunnel... so it never gets to do the Kerberos song-and-dance. It terminates before then.
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
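An added example, not part of the original message or of FreeRADIUS: a small triage script for the two symptoms pointed out above, the server opening with the wrong EAP type and the request never reaching the inner-tunnel. The function name triage, the sample logs, and the wording of the lines in the second sample are assumptions made for illustration.

```python
import re

# Constructed sample: the excerpt quoted in the message above, not the full log.
FAILING_LOG = """\
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
"""

# Constructed sample of a session that gets as far as the inner tunnel
# (line wording is an assumption modelled on the excerpt above).
WORKING_LOG = """\
[eap] EAP Identity
[eap] processing type ttls
server inner-tunnel {
"""

EAP_TYPE = re.compile(r"^\[eap\]\s+processing type (\w+)", re.MULTILINE)


def triage(request_log, wanted="ttls"):
    """Summarise one request's debug output (pass only the per-request part,
    since startup output also names the inner-tunnel virtual server)."""
    types = EAP_TYPE.findall(request_log)
    reached_inner = "inner-tunnel" in request_log
    findings = []
    if types and types[0] != wanted:
        findings.append(
            f"server opened with EAP type '{types[0]}' but the client is set to "
            f"'{wanted}': check the default EAP type in eap.conf")
    if wanted not in types:
        findings.append(f"EAP type '{wanted}' was never processed")
    if not reached_inner:
        findings.append("inner-tunnel never reached, so phase-2 PAP was not attempted")
    return {"eap_types": types, "reached_inner_tunnel": reached_inner,
            "findings": findings}


if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        result = triage(log)
        print(name, result["eap_types"], result["reached_inner_tunnel"])
        for finding in result["findings"]:
            print("  -", finding)
```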