I have tested EAP-TTLS with FreeRADIUS, and the client is Aegis. MS-CHAP, MS-CHAP-v2
and EAP-MD5 work, but it seems PAP and CHAP don't work. Here are the messages
from radiusd (using EAP-TTLS-PAP). Thanks!
rad_recv: Access-Request packet from host 192.168.102.1:1200, id=187, length=281
EAP-Message =
0x027b006c15800000006217030100183a14f67f8fde6b4b1d02e5224ceccd80d3ab24bbbb25d32b17030100400fffe387d3edb5fc712b6e29492e410bbd8fb4457bf19a7bde6f4d8ebe40439da8871e1abaabf15e3783cb4ba34a97faf7fe2a8e69734e09ac105340d4a8bea6
User-Name = "test"
NAS-Identifier = "IPONE_AG2000_KT"
NAS-IP-Address = 192.168.102.1
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Service-Type = Framed-User
Framed-MTU = 1400
Connect-Info = "CONNECT 11Mbps 802.11b"
Calling-Station-Id = "00-60-b3-6a-38-7f"
Called-Station-Id = "00-07-13-40-00-7c"
State = 0x8675b25f15e3b78950a070be27e214c8
Message-Authenticator = 0xfe666e934d24293a78b6577a5bde650d
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP packet type response id 123 length 108
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched test at 114
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS: Got tunneled request
User-Name = "test"
User-Password = "test"
Freeradius-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
User-Name = "test"
User-Password = "test"
Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched test at 114
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail
modcall: group authenticate returns fail
auth: Failed to validate the user.
TTLS: Got tunneled reply RADIUS code 3
Service-Type = Framed-User
Idle-Timeout = 2000
Session-Timeout = 20000
TTLS: Rejecting tunneled user
rlm_eap: Handler failed in EAP type 21
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 35 for 1 seconds
Finished request 35
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 187 to 192.168.102.1:1200
EAP-Message = 0x047b0004
Message-Authenticator = 0x00000000000000000000000000000000
------------------------------------------------------
Best Regards
george
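
A triage sketch for the trace above, added here and not part of the original post: it flags any authorize pass in which rlm_eap reported that the request has no EAP-Message but rad_check_password still selected Auth-Type EAP, which is where the tunneled PAP request in this log starts to fail. The function name is this example's own, and the embedded sample is excerpted from the trace.

```python
import re

# Lines excerpted from the radiusd trace above: the outer EAP pass,
# then the tunneled (inner) request that carries a PAP password.
SAMPLE = """\
modcall: entering group authorize
rlm_eap: EAP packet type response id 123 length 108
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rad_check_password: Found Auth-Type EAP
TTLS: Sending tunneled request
User-Name = "test"
User-Password = "test"
modcall: entering group authorize
rlm_eap: No EAP-Message, not doing EAP
users: Matched test at 114
rad_check_password: Found Auth-Type EAP
rlm_eap: EAP-Message not found
"""

AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
CRED_ATTR = re.compile(r"^\s*(User-Password|CHAP-Password)\s*=")

def find_auth_type_mismatches(lines):
    """Return one finding per authorize pass where Auth-Type is EAP
    although rlm_eap said the request carries no EAP-Message."""
    findings = []
    creds = set()    # credential attributes printed before the current pass
    in_pass = False  # between "entering group authorize" and the Auth-Type line
    no_eap = False   # rlm_eap saw no EAP-Message in this pass
    for number, line in enumerate(lines, 1):
        cred = CRED_ATTR.match(line)
        if cred:
            creds.add(cred.group(1))
        elif "modcall: entering group authorize" in line:
            in_pass, no_eap = True, False
        elif in_pass and "No EAP-Message, not doing EAP" in line:
            no_eap = True
        else:
            chosen = AUTH_TYPE.search(line)
            if chosen and in_pass:
                if no_eap and chosen.group(1) == "EAP":
                    findings.append({"line": number, "auth_type": "EAP",
                                     "credentials": sorted(creds)})
                in_pass, creds = False, set()
    return findings

if __name__ == "__main__":
    for finding in find_auth_type_mismatches(SAMPLE.splitlines()):
        print(finding)
```

The trace shows the users entry matched at line 114 in both the outer and the tunneled pass; whether that entry sets Auth-Type is not visible in the log and is worth checking.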