I see that the example in the link uses PAP instead of EAP? When I try to use that, the supplicant does not try to authenticate at all, exept when I go to User account, and write in user credentials manually. But then SecureW2 tries to authenticate me as [EMAIL PROTECTED]/password, istead of domain\\username as it should be. Either way, I want to user the logon information, not write in the information manually.
So the solution is still not working, even with the changes you suggested int eap.conf But it works, however, if I use EAP with MSCHAP v2, but I guess that's good enough? Anyway, have you been able to authenticate at a very early stage, so logon scripts can be used with SecureW2? If not, are there other supplicants that support that? Thanks so far! - Øystein > -----Original Message----- > From: Rok Papez [mailto:[EMAIL PROTECTED] > Sent: 4. februar 2005 14:56 > To: freeradius-users@lists.freeradius.org > Subject: Re: Problems with ttls using SecureW2 > > Hello Øystein. > > Dne petek 04 februar 2005 08:37 je Øystein Gåsdal napisal(a): > > > I think Alan wrote that the job with getting ttls to work > was to set > > up tls properly... Freeradius works with the built-in 802.1x > > supplicant, so I guess that tls is in fact set up properly? > > > > In eap.conf i have unchecked these lines: > > > > ttls { > > > > default_eap_type = md5 > > > > copy_request_to_tunnel = yes > > > > use_tunneled_reply = no > > } > > > > Anyone else having this problem, or at least knows what i'm doing > > wrong? :) > > No, EAP-TTLS is working just fine for me (FreeRADIUS and SecureW2) :). > This is my eap.conf: > > eap { > default_eap_type = ttls > timer_expire = 60 > ignore_unknown_eap_types = no > # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given > # a User-Name attribute in an Access-Accept, it copies one > # more byte than it should. > # > # We can work around it by configurably adding an extra > # zero byte. > cisco_accounting_username_bug = yes > tls { > private_key_file = /etc/ssl/key.pem > certificate_file = /etc/ssl/cert.pem > CA_file = /etc/ssl/cacert.pem > dh_file = /etc/ssl/dh > random_file = /dev/urandom > fragment_size = 1024 > include_length = yes > } > ttls { > use_tunneled_reply = yes > } > } > > And here are the instructions how to set-up the SecureW2 > client (they are in Slovenian language, but screenshots are > from an English Windows XP): > http://www.arnes.si/bio/nastavitve/nastavitve_secure_w2_sp2.html > > -- > lep pozdrav, > Rok Papež. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
