[EMAIL PROTECTED] wrote : > >My requirements : > > * Be able to have many different types of clients supported (Windows > >XP, GNU/Linux wpa_supplicant/NM, mobile devices etc.). > > * Not to have to bother about a local CA or any type of PKI (i.e. not > >generate certificates for all users, just have them user their > >login/pass). > > > > PEAP should be the protocol most clients will use. > > >Should I go with EAP-PEAP? Is that the "PEAPv0/EAP-MSCHAPv2" from the > >wiki? > > Yes.
Then I'm still completely lost. I've spent the whole day trying to get my mobile phone to connect to the Wi-Fi using EAP-TLS and EAP-PEAP with MSCHAPv2 in the PEAP configuration part. The radiusd debug output isn't really clear to me, and I'm still not sure where my problem is : * Is my Wi-Fi AP working okay? I guess since it's meant to be "dumb"... * Is my mobile phone configured okay? I don't know. * Is my radiusd configured okay? I don't know. * Is my LDAP client access configured okay? I don't know. * Are my SSL certificates configured okay? I don't know. * Am I even trying to right EAP modules/combination/auth? I don't know. Pretty tough, eh? :-) I'll be digging some more, but I do have three quick questions : 1) The only output I manage to get related to TLS is the following, is it normal or does it denote an error? [tls] Initiate [tls] Start returned 1 2) I keep getting this warning about LDAP passwords, but it seems like radiusd did manage to get the two useful hashes, should I worry or is the message harmless? [ldap] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x394133304 [...] rlm_ldap: sambaLmPassword -> LM-Password == 0x433042322 [...] [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user matthias authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok 3) What is it I should be configuring exactly on my mobile phone? Is EAP-TLS and EAP-PEAP with EAP-MSCHAPv2 something that should be working or am I on the wrong track? Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 9 (Sulphur) - Linux kernel 2.6.26.5-45.fc9.x86_64 Load : 0.19 0.14 0.14 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
