> Don't. FreeRadius typically treats EAP-Requests as _two_ requests. It handles the EAP stuff
> and then generates a new request for the stuff that's contained in the tunnel (e.g. PAP) and
> sends that to itself. So, if you force Auth-Type to either EAP or PAP unconditionally, either
> the "inner" (PAP) or the outer (EAP) protocol cannot be handled.

You are probably right, I definitely will avoid forcing Auth-Type and let
FreeRADIUS do the job.

> Apparently, it can't find a password (cleartext or uncrypted) for the user, so it falls
> back to Auth-Type System. Try to get PAP authentication working by itself, first, i.e.
> just use radtest to send username/password combinations to the server and fix their
> handling. Once that works, EAP-TTLS with PAP should work as well.

You pointed it out. Actually I just had to *comment out* (or force Auth-Type := PAP):

  DEFAULT       Auth-Type = System
      Fall-Through = 1

which was earlier defined in the users file.
And stay with the simple:

  "testuser" Password == "testpass"

The proxy also works like a charm if you take care to add, in proxy.conf, in
the realm definition: 'nostrip'
(got that stupid error about "Identity does not match User-Name, setting from
EAP Identity" for a while)

So thanks for the quick reply, Stefan!

-- 
Mathieu
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
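
As an added example (not part of the original mail and not FreeRADIUS code), a small Python check that scans a users file for DEFAULT entries that assign Auth-Type to every request, the pattern discussed in this thread. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample in the users-file layout quoted in the mail above.
SAMPLE_USERS = '''\
# constructed sample, not a real deployment
DEFAULT       Auth-Type = System
      Fall-Through = 1

"testuser" Password == "testpass"
'''

# Check item that assigns Auth-Type (= or :=); == is a comparison and is ignored.
AUTH_TYPE = re.compile(r'(?<![\w-])Auth-Type\s*(:=|=)\s*("?[\w-]+"?)')


def parse_entries(text):
    """Yield (line_no, name, check_items) for each users-file entry.

    An entry starts on a non-indented line: name, then check items.
    Indented lines that follow are reply items and are skipped here.
    """
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t':
            continue  # reply item belonging to the previous entry
        parts = line.split(None, 1)
        name = parts[0].strip('"')
        checks = parts[1] if len(parts) > 1 else ''
        yield no, name, checks


def find_forced_auth_type(text):
    """Return [(line_no, operator, value)] for DEFAULT entries assigning Auth-Type."""
    hits = []
    for no, name, checks in parse_entries(text):
        if name != 'DEFAULT':
            continue
        m = AUTH_TYPE.search(checks)
        if m:
            hits.append((no, m.group(1), m.group(2).strip('"')))
    return hits


if __name__ == '__main__':
    for no, op, value in find_forced_auth_type(SAMPLE_USERS):
        print(f'line {no}: DEFAULT sets Auth-Type {op} {value} for every request')
```

Entries it reports are candidates for review before enabling EAP-TTLS, since a DEFAULT match applies to the outer and the inner request alike.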
