Help with EAP TLS authentication
Alan DeKok
aland at deployingradius.com
Tue Sep 20 21:03:16 CEST 2016
> On Sep 20, 2016, at 1:42 PM, Peter Truman <peter.truman+freeradius at gmail.com> wrote:
>
> Hi there
>
> Trying to diagnose if I have a router OpenSSL issue, or a config issue
> (more likely). I've generated a self signed CA which seems to be working,
> but my new Freeradius 3 (3.0.11) "default" compile doesn't seem to like
> something....
>
> Here is my radiusd -Xx dump:
PLEASE follow instructions. It's not hard.
The FAQ, "man" pages, and web pages say to run with "radiusd -X". We say that for a reason: additional debugging is not useful 99% of the time. All it does is make the output harder to read.
After some editing:
(2) Received Access-Request Id 0 from
192.168.1.1:12227 to 192.168.1.210:1812 length 292
(2) User-Name = "pete at nexus5xp"
(2) NAS-IP-Address = 192.168.1.1
(2) Called-Station-Id = "305a3ac51d20"
(2) Calling-Station-Id = "64bc0c4b27bf"
(2) NAS-Identifier = "305a3ac51d20"
(2) NAS-Port = 83
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) EAP-Message =
0x020100ab0d0016030100a00100009c03038ef92dd289a9e47a08043ed8d17ba4aadbe9b997be545a3133beddda398a072b00003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff
(2) Message-Authenticator =
0x4e74d133cc690394c74156a7d305cf0f
(2) session-state: No State attribute
The State attribute is missing. It MUST exist for EAP to work.
Your NAS is broken. Throw it in the garbage and buy one that works.
No amount of poking FreeRADIUS will make your NAS follow the specifications correctly.
Throw the NAS in the garbage and buy one that works.
Alan DeKok.
More information about the Freeradius-Users
mailing list