Hi,
That EAP-TLS isn't supporting passwords maybe the case.

I configure my freeradius server without passwords and set in nmcli the password-flag to 4 (no password required).

I got the same error as if I had before.

nmcli device connect wlan0 
Passwords or encryption keys are required to access the wireless network 'Linksys02355'. 
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option. 
Error: Connection activation failed: (7) Secrets were required, but not provided

Although my radius server tells me that it accepts the authentication send from nmcli.

Is there something else that I'm missing?

Iris


Am 21.02.2018 09:24 schrieb Beniamino Galvani <bgalv...@redhat.com>:

On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote:
Hi,

> freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3)
> Konfigured as wpa-eap tls with identity and password.

EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS?

> radius-tls.log
> (35)   Invalid user: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Rejected in post-auth: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Login incorrect: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
>
> As you can see the User-Password attribute is missing. Although the password in nmcli was set.
>
> This is what nmcli is responding with:
> nmcli device connect wlan0
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
> Error: Connection activation failed: (7) Secrets were required, but not provided.
>
> nmcli -a  device connect wlan0
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Identity (802-1x.identity): testUser1
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Private key password (802-1x.private-key-password):
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Identity (802-1x.identity): testUser1
>
> Even here no user password is asked!!!
>
> I created a new user without password. Although the radius server accepted the authentication no connection was established!!!
>
> It confused me so I checkt if a wpa eap ttls-pap would work.
> After reconfiguration of nmcli and radius server it worked without problems.
> So I think this is only a tls problem.

Yes, EAP-TLS only uses certificates and not passwords.

Beniamino


_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Reply via email to