radtest passes test, phone connects to WiFi, but laptop does not

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Nov 2 22:43:44 CET 2016


> Examples of the code that I am running. I included a pastebin for the 3000 lines of radius -X output.
> radtest -t mschap daniel.radius  passw0rd 0 testing123

radtest is a basic non EAP tool.  therefore the authentication doesnt use the EAP module, therefore
inner-tunnel isnt used....all you need to configure is stuff in 'default' (out of the box) or whatever
you've called your non EAP virtual server

> authenticate {


testing from a client using 802.1X will activate the EAP module...and, with the default config
you will see that hits the other virtual server - inner-tunnel - so THAT virtual server needs

now, note, pay careful attention to the debug output....as the innerID info may be different
to the outerID info - may have no realm in it...so stripped-user-name isnt populated etc.
this needs to be dealt with.

the debug output is big...but most of it can be skipped...you can clearly follow the RADIUS
conversation in the output...remember, when the packet comes to the server it goes through the
whole engine..all policies , from the start...so there is a lot of duplication (if there are
no changes). you can skip straight to the part where is tells you its now using
inner-tunnel (ie EAP has been started up and theres no big EAP-Message attributes being chucked
around.... ignore those (for now, thats more advanced) - just look at the basics...like what the
server is doing for authorize/authenticate in the inner tunnel.  

it DOES suddenly become easier and comprehensible  (unlike those magic eye pictures which I've
never been able to see)


More information about the Freeradius-Users mailing list