On Thu, Aug 25, 2022 at 2:42 AM Pavel Kůžel <[email protected]> wrote:
>
> Hello,
>
> has anybody successfully configured the RADIUS authentication using EAP-TTLS
> on guacamole server? Although I configured EAP-TTLS, when a client's
> authentication should be optional, the RADIUS extension demands radius key
> file. Anyway, I created the key file including a cert and a key in PEM
> format, the RADIUS extension was successfully initiated afterwards, but I
> ended up on ERROR message:
>
> "ERROR o.a.g.a.r.RadiusConnectionService - Unable to complete
> authentication."
>
> after calling radAuth.setupRequest(radiusClient, radAcc) in authenticate
> method.
>
> My radius auth. guacamole config follows:
> radius-hostname: <my_radius_server>
> radius-auth-port: 1812
> radius-shared-secret: <my_share_secret>
> radius-auth-protocol: eap-ttls
> radius-eap-ttls-inner-protocol: chap
> radius-trust-all: true
> radius-retries: 3
> radius-timeout: 30
>
> Maybe somebody with a working configuration might be so kind and point me to
> the right direction.
>

It was definitely something I tested and verified working back when I
wrote the module, but I've never used EAP-TTLS in any sort of a
long-term production environment, so I don't have a working
configuration to share. I'd suggest the following:

* Examine logs on the RADIUS server to see if it provides any hints as
  to why authentication is failing.
* Turn up logging for the web application and see if you get any
  additional debug messages from the RADIUS module. Instructions for
  this are documented in the manual:

https://guacamole.apache.org/doc/gug/configuring-guacamole.html#logging-within-the-web-application

-Nick
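
The logging step suggested in the reply, as an added example that is not part of the original thread or the project's own file: a `logback.xml` placed in GUACAMOLE_HOME, as the linked manual section describes, that raises only the RADIUS extension's logger to debug. The package name `org.apache.guacamole.auth.radius` is expanded from the abbreviated `o.a.g.a.r` in the quoted error line; the appender name and output pattern are assumptions.

```xml
<configuration>

    <!-- Console appender; output goes to the servlet container's log
         (for Tomcat, typically catalina.out). Name and pattern are
         illustrative choices. -->
    <appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>

    <!-- Debug output for the RADIUS extension only, i.e. the package that
         contains the RadiusConnectionService class named in the error. -->
    <logger name="org.apache.guacamole.auth.radius" level="debug"/>

    <!-- Everything else stays at info; set this to "debug" instead if the
         extension's own messages are not enough. -->
    <root level="info">
        <appender-ref ref="GUAC-DEBUG"/>
    </root>

</configuration>
```

Restart the servlet container after adding the file, and revert to the default level once the failure is diagnosed, since debug output can include details of each authentication attempt.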
