i took a look at your log. for what concerns the server, your TTLS is working correctly and you are getting the Access-Accept sent out to the client. you even have accounting coming up for your TTLS user.
modcall: group authenticate returns handled
TTLS: Got tunneled reply RADIUS code 2
EAP-Message = 0x03010004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "xxxxxxxx"
TTLS: Got tunneled Access-Accept
rlm_eap: Freeing handler
TTLS: Freeing handler for user barney
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Accept of id 17 to xxx.xxx.xxx.xxx:1204
MS-MPPE-Recv-Key = 0xdc375f3020c56c6d8486b0925a07e931c7a1dd27585d5f481dc614455c714de0
MS-MPPE-Send-Key = 0x8aa9578d6cec57fb0c5b9ceec8bbbf449309dc2961107c66751fa715f1c75c8b
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "anonymous"
Finished request 16
so you can see that your server sends the Accept. you even have accounting, that is the ports on the AP are open.
rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx:1205, id=18, length=86
Acct-Status-Type = Start
User-Name = "anonymous"
Acct-Session-Id = "000181890002"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Acct-Authentic = RADIUS
NAS-Identifier = "xxxxxxx"
Acct-Delay-Time = 0
Conclusion: if you encounter problems with your TTLS users, it has nothing to do with the server (server sends Accept) and probably not even of your AP (since it provides Accounting infos, thus it should think that the session is open for the user). Perhaps you have some problems at your client. i can't see it out of the provided log.
ciao artur
Nixon, Anthony S. wrote:
<shortened>Sorry for the out of list email, but I did not want others to see some of the info in the logs. It can be found at: xxxxxxxxx
Please let me know what you think.
-- Shon
-----Original Message----- From: Artur Hecker
i personally think that the problem is the client-server interaction. something is wrong and your client is not responding and you don't know why, so you suppose it's the AP but it's not.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
