hi
freeradius NEVER sends the EAPOL Key message. also the sending of an encapsulated EAP-Success is without any interest. The AP only wants to see the Access-Accept and that is what freeradius is responsible for.
Yes that's true. EAPOL Key messages are sent by AP. But as freeradius is sending Access-Accept in this case so AP is sending EAP-Success message. But the strange thing is why it is sending Access-Accept message without checking client certificate.
read above what i've said: the included eap-success message is not evaluated by the AP, only the Access-Accept counts. even if an EAP-Failure is included within the Access-Accept, the AP should issue an EAP-Success, s. 802.1X standard. and of course that has nothing to do with the discussion :-)
why did you set the User-Password? you do not need any user password. just comment out both lines and try again.
I am very new in freeradius. I am not sure here what should I use/set as Auth-Type. Can you please suggest me? Also I will check EAP-TLS without User-Password entry against "Administrator" login by tommorrow.
nothing. do not configure ANY user.
typically, if a user profile is present, it should contain further restrictions (Session-Timeout, etc.). if you do not have any, do not configure the user.
ciao artur
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
