Howdie,
I am trying to get EAP-TTLS-EAP-* working... but I keep running into the
following with any EAP type within EAP-TTLS.
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS: Got tunneled request
EAP-Message = 0x0200001701746f6d2e7269786f6d40746573742e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
FreeRADIUS-Proxied-To = 127.0.0.1
TTLS: Got tunneled identity of [EMAIL PROTECTED]
TTLS: Setting default EAP type for tunneled EAP session.
TTLS: Sending tunneled request
EAP-Message = 0x0200001701746f6d2e7269786f6d40746573742e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "[EMAIL PROTECTED]"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "test.com" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "test.com"
rlm_realm: Adding Stripped-User-Name = "tom.rixom"
rlm_realm: Proxying request from user tom.rixom to realm test.com
rlm_realm: Adding Realm = "test.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 0 length 23
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched tom.rixom at 80
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
TTLS: Got tunneled reply RADIUS code 11
EAP-Message = 0x010100160410450549cc85b2e560a6c7010b8a0d456a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc286e5115c81914c9ae2633ea0b90b4f
TTLS: Got tunneled Access-Challenge
rlm_eap: Handler failed in EAP/ttls
TTLS: Freeing handler for user [EMAIL PROTECTED]
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
I guess this is a config problem...
As you can see the rlm_eap_md5 does issue a challenge but when the rlm_eap
module takes over it fails without an error message...
Has anyone got this workging with the Odyssey or Aegis client?
Tom Rixom
Alfa & Ariss
Network Security Solutions
www.alfa-ariss.com
Lansinkesweg 4-226
7553 AE Hengelo Ov
PO Box 960-35
7550 AZ Hengelo Ov
The Netherlands
Tel: +31 (0)74 2555 636
E-mail: [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
