EAP PEAP issues

Alan Buxey alan.buxey at gmail.com
Fri Mar 17 09:55:34 UTC 2023


hi,


> Working on getting FreeRadius talking to a WPA2 Enterprise network.
>
> At this time, having gone through the instructions:
>
> This command (local user in ..users) works great:
>
> radtest -t mschap bob hello 127.0.0.1:18120 0 testing123
>
> Comes right back with 'hello bob' as it should.   So presumably mschap is
> working at some level, and Windows connects to it without much fuss and
> bother.
>
> This command doesn't:
>
> radtest -t mschap farhadtest Rambo5201 127.0.0.1:18120 0 testing123
>
> It tries to auth against ldap, is *not* working from the CLI, and Windows
> can't connect (obviously).   Is mschap even working?  It looks like it is,
> but something else is misconfigured that's blocking external auth.
>
> Radius -X output is below, with a successful and unsuccessful auth.  here
> are questions.
> - I thought I had configured this to talk to our ldap host as I've done
> with others, and yet it's ignoring the ldap module.  I'm trying to ID where
> I missed it in the configuration....
> - It's not doing EAP on either authentication, and I don't know why.  I've
> configured it from scratch with the instructions, and it's close but no
> cigar so far.  Why is EAP a noop?  It looks like it's configured in both
> default and inner-tunnel....

in the first instance, you will need to decide how you are talking to
LDAP - either looking things up (oracle) or binding to LDAP as the
user. either way will give you some restrictions as to what you can
and can't do
http://deployingradius.com/documents/protocols/oracles.html

in the second instance, it's not doing EAP because radtest is not an
EAP testing tool - you need to use e.g. eapol_test (from the
wpa_supplicant package) or another tool to test EAP on the command line
(which I would strongly suggest you do before bringing in real traffic
from Access Points and clients).

regards

alan
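
Added example, not part of the original message: a shell sketch of the eapol_test run suggested above, doing PEAP with inner MSCHAPv2 instead of the bare MS-CHAP attributes radtest sends. The function names, file name, anonymous outer identity and port 1812 are assumptions; the user, password and shared secret are the test values quoted in the thread.

```shell
#!/bin/sh
# Added example: build an eapol_test config for PEAP/MSCHAPv2 and run it.
# write_peap_conf and run_peap_test are hypothetical helper names.

write_peap_conf() {
    # $1 = output file, $2 = identity, $3 = password, $4 = CA cert (optional)
    {
        printf 'network={\n'
        printf '    key_mgmt=WPA-EAP\n'
        printf '    eap=PEAP\n'
        printf '    identity="%s"\n' "$2"
        # Outer identity sent in the clear; the real name stays in the tunnel.
        printf '    anonymous_identity="anonymous"\n'
        printf '    password="%s"\n' "$3"
        printf '    phase2="auth=MSCHAPV2"\n'
        # Without ca_cert the server certificate is not validated, which is
        # only acceptable against a lab server.
        if [ -n "${4:-}" ]; then
            printf '    ca_cert="%s"\n' "$4"
        fi
        printf '}\n'
    } > "$1"
    # The file holds a cleartext password; keep it private to this user.
    chmod 600 "$1"
}

run_peap_test() {
    # $1 = config file, $2 = server IP, $3 = port, $4 = shared secret
    if ! command -v eapol_test >/dev/null 2>&1; then
        echo "eapol_test not found in PATH" >&2
        return 127
    fi
    # Exit status 0 and a final SUCCESS line mean the EAP exchange completed.
    eapol_test -c "$1" -a "$2" -p "$3" -s "$4"
}

# Usage (port 1812 assumes the default virtual server's listener):
#   write_peap_conf peap-bob.conf bob hello
#   run_peap_test peap-bob.conf 127.0.0.1 1812 testing123
```

Run it alongside radiusd -X so the debug output shows the eap module handling the outer request and the inner-tunnel server handling the MSCHAPv2 exchange.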

