Hello all, I have been struggling to get the EAP-TTLS to work.
I have been following this guide: http://rbirri.9online.fr/howto/Freeradius_+_TTLS.html

And I think the setup of all things has gone fine (the biggest problem I had was creating the certificates). I have tested the connection with "radtest" and the tool "NTRadPing" and everything seems ok. However, when I try to connect from my Linux machine using WPA supplicant, the following errors appear in the Radius server console:

...................................................................................

Going to the next request
Waking up in 4.9 seconds.
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = 192.168.1.144
Called-Station-Id = "00-20-a6-64-c3-b1:MVG-Personal"
Calling-Station-Id = "00-0f-cb-f9-3b-f9;MVG-Personal"
NAS-Identifier = "MVG-1"
State = 0xdea187e5dea3836d25979821eb25f055
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200060315
Message-Authenticator = 0x80154e870b93b69627ead5a0eee17643
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "mediavisiongroup.se" for User-Name = "[EMAIL PROTECTED] iavisiongroup.se"
rlm_realm: No such realm "mediavisiongroup.se"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdea187e5dfa2926d25979821eb25f055
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 48 with timestamp +3
Cleaning up request 1 ID 49 with timestamp +3
Ready to process requests.

...................................................................................

The connection conf from the Linux box is (/etc/wpa_supplicant.conf):

network={
    ssid="MVG-Personal"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="[EMAIL PROTECTED]"
    anonymous_identity="[EMAIL PROTECTED]"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase2="auth=MD5"
}

- I am guessing that the /etc/cert/ca.pem is the "client certification" I created from the freeradius.
- User and password above (in the file /etc/wpa_supplicant.conf) do exist and are correct. They match the user and password in the file on the freeradius "/usr/local/etc/raddb/users".

...................................................................................

Also, so I understand this, three certificates are needed for EAP-TTLS?

CA = root certificate stored on the freeradius machine
Server = certificate also stored on the freeradius machine
Client = certificate copied to the client trying to connect

And on the client the path in the "wpa_supplicant.conf" to the client certificate is correct.

In short: the client seems to connect to the freeradius, but I am getting no IP to the client.

...................................................................................

Thanks very much for help!

Best regards,
Johan
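
Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the two EAP-Message values in the debug output above, using the EAP header layout from RFC 3748. The function names and the short type table are assumptions of this example; it expects one complete EAP packet per value.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Only a few common method numbers; anything else is shown as "type-N"
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_FLAGS = ((0x80, "Length"), (0x40, "More-Fragments"), (0x20, "Start"))


def type_name(t):
    return EAP_TYPES.get(t, "type-%d" % t)


def decode_eap(hex_value):
    """Decode one complete EAP packet given as the 0x... hex from the log."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes (code, id, length)")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # A packet split over several EAP-Message attributes must be joined first
        raise ValueError("length field %d != %d bytes supplied" % (length, len(raw)))
    out = {"code": EAP_CODES.get(code, "code-%d" % code), "id": ident}
    if code not in (1, 2) or length == 4:
        return out  # Success/Failure carry no type field
    eap_type, data = raw[4], raw[5:]
    out["type"] = type_name(eap_type)
    if eap_type == 3:
        # Nak: each data byte is a method the peer would accept instead
        out["wants"] = [type_name(b) for b in data]
    elif eap_type in (13, 21, 25) and data:
        # TLS-based methods: the first data byte holds the L/M/S flag bits
        out["flags"] = [name for bit, name in TLS_FLAGS if data[0] & bit]
    return out


# The two EAP-Message values copied from the debug output in the post
SAMPLES = {"from client": "0x020200060315", "from server": "0x010300061520"}

if __name__ == "__main__":
    for who, value in SAMPLES.items():
        print(who, decode_eap(value))
```

The first value decodes as a Response carrying a Nak that asks for EAP-TTLS, and the second as a Request of type EAP-TTLS with the Start flag set, which matches the "EAP-NAK asked for EAP-Type/ttls" and "Start returned 1" lines in the log.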

