EAP-TTLS+PAP vs. Ubunt 15 / Windows 10

Matthew Newton mcn4 at leicester.ac.uk
Tue Sep 6 12:55:04 CEST 2016


On Tue, Sep 06, 2016 at 01:14:04PM +0300, Bogdan Rudas via Freeradius-Users wrote:
> Here is more complete output for Ubuntu 15.10 client:

That's more useful, thanks.

...
> (0) Sent Access-Challenge Id 172 from 1.2.3.4:1812 to 1.2.3.2:32768 length 0
> (0)   EAP-Message = 0x010200061520
> (0)   Message-Authenticator = 0x00000000000000000000000000000000
> (0)   State = 0xaa5a11c1aa5804cd3319b975cc2ec9dd
> (0) Finished request
> Waking up in 4.9 seconds.
> Waking up in 7.8 seconds.
> Waking up in 15.7 seconds.
> Waking up in 33.6 seconds.


...
> (0) Sent Access-Challenge Id 173 from 1.2.3.4:1812 to 1.2.3.2:32768 length 0
> (0)   EAP-Message = 0x010300061520
> (0)   Message-Authenticator = 0x00000000000000000000000000000000
> (0)   State = 0x8d5396258d5083331fb57364af922639
> (0) Finished request
> Waking up in 4.9 seconds.
> Waking up in 7.8 seconds.
> Waking up in 15.7 seconds.
> Waking up in 33.6 seconds.
> Waking up in 71.5 seconds.

I would check firewalls to make sure the RADIUS packets are
actually getting back to the NAS (or that the NAS is sending the
EAP challenge back to the clients).

Nothing has happened this early in the process, so it's not
something like the client is rejecting the server certificate.

Rather than eapol_test, you could run wpasupplicant directly on
the linux box and watch its debug output. See if it gets a
response - if not, then work out why. Possibly check the NAS logs.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list