Janusz Syrytczyk wrote:
> Problem is that I cannot authenticate to my network with wpa_supplicant, 
> although I could, and from Windows & Secure2w TTLS wrapper - I can. I use 
> Gentoo and did some upgrades (but nothing special I guess, kernel is the 
> same, and wpa_supplicant also)
...
> Ready to process requests.
 < deleted>
>         EAP-Message = 0x020200060315
...
>  rlm_eap: EAP-NAK asked for EAP-Type/ttls

  So the server starts EAP-TTLS:

> Sending Access-Challenge of id 90 to 217.173.193.40 port 4347
>         EAP-Message = 0x010300061520

  The server increments the EAP id (byte 2 of the EAP-Message)

> rad_recv: Access-Request packet from host 217.173.193.40:4347, id=91, 
> length=201
...
>         EAP-Message = 0x020200060315

  And the supplicant responds with an EAP NAK, saying "No, I want EAP-TTLS".

  Either the AP is broken, or the supplicant is broken.  The supplicant
SHOULD NOT send back a NAK for something it just asked for.  It should
also increment the EAP id field (byte 2).  Instead, it re-uses the EAP Id.

  If the AP is broken, then it's the one that decides to NOT send the
EAP-TTLS start to the supplicant.  Instead, it just echoes back the NAK
that the supplicant previously sent.

  Check the supplicant logs.  If it's really sending the NAK twice, then
it is broken.  If it's sending the NAK once, then the AP is broken.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
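
The EAP-Message values quoted in the log can be decoded by hand to check the id and NAK behaviour described in the reply. The following is an added example, not part of the original post or of FreeRADIUS; the function names `parse_eap` and `check_exchange` are hypothetical, and it assumes each EAP packet fits in a single EAP-Message attribute.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "TLS", 21: "TTLS", 25: "PEAP"}

def parse_eap(hexstr):
    """Decode one EAP-Message value as printed in the server debug log."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match attribute size")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 3:
            # A Nak lists the EAP types the peer is willing to use instead.
            pkt["wants"] = [EAP_TYPES.get(t, t) for t in data]
        elif etype == 21 and data:
            # EAP-TTLS flags byte: 0x20 is the Start bit.
            pkt["start"] = bool(data[0] & 0x20)
    return pkt

def check_exchange(messages):
    """Flag Responses whose id differs from the most recent Request id."""
    findings, outstanding, seen = [], None, set()
    for i, h in enumerate(messages):
        p = parse_eap(h)
        if p["code"] == "Request":
            outstanding = p["id"]
        elif p["code"] == "Response":
            if outstanding is not None and p["id"] != outstanding:
                note = f"Response id {p['id']} != outstanding Request id {outstanding}"
                if h.lower() in seen:
                    note += " (byte-identical to an earlier Response)"
                findings.append((i, note))
            seen.add(h.lower())
    return findings

# The three EAP-Message values quoted in the log above, in order.
LOG = ["0x020200060315", "0x010300061520", "0x020200060315"]

if __name__ == "__main__":
    for h in LOG:
        print(h, parse_eap(h))
    for idx, note in check_exchange(LOG):
        print(f"message {idx}: {note}")
```

Running the same check over EAP bytes captured on the supplicant side shows whether the NAK left the client once or twice.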
