WPA2 Enterprise: Access-Accept but not connected
Arno Tarpin
arno.tarpin at gmail.com
Thu Jan 12 14:41:12 CET 2017
Thanks for your answer,
I tried many things and I finally found the problem:
In the eap.conf:
eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 4096

    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
        private_key_password = whatever
        private_key_file = ${certdir}/server.key
        certificate_file = ${certdir}/server.pem
        CA_file = ${cadir}/ca.pem
        dh_file = ${certdir}/dh
        random_file = /dev/urandom
        CA_path = ${cadir}
        cipher_list = "DEFAULT"
        make_cert_command = "${certdir}/bootstrap"
        ecdh_curve = "prime256v1"

        cache {
            enable = no
            lifetime = 24 # hours
            max_entries = 255
        }
    }

    ttls {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel"
    }

    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel"
    }

    mschapv2 {
    }
}

I changed the

eap {
    default_eap_type = ttls

to

eap {
    default_eap_type = mschapv2

and added in the mschapv2:

mschapv2 {
    default_eap_type = mschapv2
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    virtual_server = "inner-tunnel"
}

This works for me but I still don't know why; for me, *default_eap_type =
ttls* at the beginning should point to:

ttls {
    default_eap_type = mschapv2
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    virtual_server = "inner-tunnel"
}

which points to the module/mschap file?

Anyway, now it seems to work. Thank you for your support!

2017-01-12 11:51 GMT+01:00 Matthew Newton <mcn4 at leicester.ac.uk>:
> On Thu, Jan 12, 2017 at 10:18:04AM +0100, Arno Tarpin wrote:
> > First I'm sorry for my bad English...
>
> Your English is good.
>
> > I just installed FreeRADIUS (using this tutorial
> > <https://blog.fenrir.fr/2013/09/07/655/>), everything works (I get an
>
> The best instructions to follow are generally Alan DeKok's at
> http://deployingradius.com/
>
> > access-accept when I try the radtest command) but when I try to connect to the
> > AP using WPA2 Enterprise, my device (I use an iPhone but with a laptop I
> > get the same problem) doesn't connect.
>
> > Sending Access-Accept of id 27 to 192.168.11.122 port 55831
> > MS-MPPE-Encryption-Policy = 0x00000002
> > MS-MPPE-Encryption-Types = 0x00000004
> > MS-MPPE-Send-Key = 0xd2945975ecf1a221e1ee1d070d2891dd
> > MS-MPPE-Recv-Key = 0x834f4d25d1269b7014c27c5140b1f898
> > Message-Authenticator = 0x00000000000000000000000000000000
> > User-Name = "a.tarpin"
> > MS-MPPE-Recv-Key = 0xe27cfc4aeaf04ba460adf86811d3c2a068b52bbe4e30d0e79c48a1d801de5bbc
> > MS-MPPE-Send-Key = 0x4e3c07e4df836b2af32406a60a1ba337d035d39c2608723f6c43a54c636db116
> > EAP-Message = 0x037c0004
>
> You've got two sets of MS-MPPE-Recv-Key/MS-MPPE-Send-Key.
>
> If you've set use_tunneled_reply = yes in the eap ttls
> configuration, set it back to "no" again and try again.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
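
Added example, not part of the original thread or of FreeRADIUS: a small Python check for the symptom pointed out in the quoted reply, an Access-Accept that carries more than one MS-MPPE-Send-Key / MS-MPPE-Recv-Key. It assumes debug output laid out like the excerpt quoted above; the sample log, addresses, user name and key values are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the debug output quoted above; all values are made up.
SAMPLE_LOG = """\
Sending Access-Challenge of id 26 to 192.0.2.10 port 55831
    EAP-Message = 0x017c0006
Sending Access-Accept of id 27 to 192.0.2.10 port 55831
    MS-MPPE-Send-Key = 0x00112233445566778899aabbccddeeff
    MS-MPPE-Recv-Key = 0xffeeddccbbaa99887766554433221100
    User-Name = "alice"
    MS-MPPE-Recv-Key = 0x0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20
    MS-MPPE-Send-Key = 0x2122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f40
    EAP-Message = 0x037c0004
Sending Access-Accept of id 28 to 192.0.2.10 port 55832
    MS-MPPE-Recv-Key = 0x4142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60
    MS-MPPE-Send-Key = 0x6162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f80
"""

HEADER = re.compile(r"^Sending (Access-\S+) of id (\d+) to \S+ port \d+")
ATTR = re.compile(r"^\s+([\w-]+) = (.+)$")
KEY_ATTRS = ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key")

def parse_packets(log):
    """Return (code, id, {attribute: [values]}) for each 'Sending ...' packet dump."""
    packets, current = [], None
    for line in log.splitlines():
        header, attr = HEADER.match(line), ATTR.match(line)
        if header:
            current = (header.group(1), int(header.group(2)), defaultdict(list))
            packets.append(current)
        elif attr and current is not None:
            current[2][attr.group(1)].append(attr.group(2).strip())
        else:
            current = None  # unrelated debug line: the packet dump has ended
    return packets

def duplicate_mppe_keys(log):
    """Return (packet id, attribute, [key lengths in bytes]) for each repeated key."""
    findings = []
    for code, pkt_id, attrs in parse_packets(log):
        for name in KEY_ATTRS:
            values = attrs.get(name, [])
            if code == "Access-Accept" and len(values) > 1:
                # "0x" prefix plus two hex digits per byte
                findings.append((pkt_id, name, [len(v) // 2 - 1 for v in values]))
    return findings

if __name__ == "__main__":
    print(duplicate_mppe_keys(SAMPLE_LOG))
```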