Quoting Phil Mayers <[email protected]>:

Your client is doing EAP-TTLS/EAP-MD5.

You have two choices:

1. Reconfigure the client to do EAP-TTLS/PAP, which PAM will be able to authenticate
2. Stop using PAM, and provide the server with the client credentials in a form compatible with your EAP-type (see 1st URL above)

Choice #1 seemed worth a shot, so I altered my client's wpa_supplicant.conf by adding one extra line -- a 'phase2' attribute for PAP:

  network={
        ssid="mynet"
        scan_ssid=1
        key_mgmt=WPA-EAP
        pairwise=CCMP TKIP
        group=CCMP TKIP
        eap=TTLS
        identity="jwinius"
        password="secret"
        ca_cert="/etc/certs/ca.pem"
        phase2="auth=PAP"
  }

This configuration, together with the freeradius configuration already described in my first post in this thread, worked immediately. :-)

Thank you very much, Phil Mayers, and thanks also to Alan DeKok.

Cheers,

Jaap
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
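
The two choices quoted above, as an added Python sketch that is not part of the original post or of FreeRADIUS: it shows why a backend that can only test a cleartext password can serve TTLS/PAP but cannot check an EAP-MD5 response. `backend_check` is a hypothetical stand-in for PAM, and the salt and challenge are constructed sample values.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample value


def one_way(password: bytes) -> bytes:
    """Salted one-way hash, standing in for what a system password store keeps."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 10_000)


STORED_HASH = one_way(b"secret")  # password from the wpa_supplicant.conf above


def backend_check(candidate: bytes) -> bool:
    """Hypothetical stand-in for PAM: it can only test a cleartext candidate."""
    return hmac.compare_digest(one_way(candidate), STORED_HASH)


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response, computed like CHAP (RFC 1994): MD5(id || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def verify_pap(inner_password: bytes) -> bool:
    """TTLS/PAP: the tunnel delivers the password itself, so the backend can test it."""
    return backend_check(inner_password)


def verify_eap_md5(identifier, challenge, response, cleartext=None):
    """TTLS/EAP-MD5: the server must recompute the digest from the cleartext password.

    Returns None when no cleartext is available, i.e. the check cannot be made.
    """
    if cleartext is None:
        return None  # a one-way hash cannot be fed into MD5(id || password || challenge)
    expected = eap_md5_response(identifier, cleartext, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed challenge
    resp = eap_md5_response(1, b"secret", challenge)
    print("PAP via backend:", verify_pap(b"secret"))
    print("EAP-MD5, hash-only backend:", verify_eap_md5(1, challenge, resp))
    print("EAP-MD5, cleartext known:", verify_eap_md5(1, challenge, resp, b"secret"))
```

Because PAP hands the password itself to whatever terminates the TLS tunnel, the `ca_cert` line in the configuration above is what ties that tunnel to the intended server.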
