Trying to do EAP-TTLS-PAP with CRYPT passwd in LDAP.. The tunelling seems
fine.. but up to comparing the password it will failed. Refer below logs &
config
Some says (http://felipe-alfaro.org/blog/category/radius/) PAP is tunneled
inside EAP-TTLS through EAP-GTC... Tried that as well.. still same error..
gtc {
auth_type = PAP [even trying to change to LDAP/OCE - still same error)
}
Error
====
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED] (from client localhost port 0)
TTLS: Got tunneled Access-Reject
rlm_eap: Handler failed in EAP/ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: leaving group authenticate (returns invalid) for request 9
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED] (from client OCE_JARING port 241 cli
00-11-5b-2d-b2-8e)
With setting:-
a) radiusd.conf
ldapOCE {
--some setting
}
authorize {
eap
Autz-Type OCE {
ldapOCE
}
}
authenticate {
Auth-Type OCE {
ldapOCE
}
eap
}
b) eap.conf
eap {
default_eap_type = ttls
tls {
--some setting
}
ttls {
default_eap_type = md5
}
c) users:-
DEFAULT Realm == "my015.com", Autz-Type := OCE
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
