Hello Hoercher,
 
Please see below answers/questions (in red):

ok, i played around a bit and found EAP-TTLS working with no
particular problems.

On 10/21/06, Rafiqul Ahsan < [EMAIL PROTECTED]> wrote:
> "testuser" User-Password := "testuser"
looks ok, but I'm not absolutely sure about the quotation marks for
the username, they are not needed in any case.
 
testuser User-Password :="testuser"
I will try with only above entry in users file

 
> the error was about no matching "anonymous_identity", and that's why I had to
> have a DEFAULT entry after this with Auth-Type :=EAP.

As you didn't show that error one cannot check for its real cause.
Everything else correctly configured you don't need that setting (and
it might be actually wrong depending on circumstances).
 
OK, I found some postings about disabling username_identity_check for user "anonymous"... here it is:
 
Quote
I guess since somebody implemented this check, there must be some broken NASes out there... and
the attached patch fixes this situation. If user sets "username_identity_check = no" in
eap section it will disable this check. The default for this setting is "yes".
Unquote
 
So, now I have added this patch to files eap.c, rlm_eap.h, and rlm_eap.c, and compiled. I will test this on Monday. I am expecting this patch will let us pass this anonymous user check phase in the radius server. I will post you the result on that. Please let me know if you are aware of this.
 
> Do you suggest any particular format of my users file ? Please note, the
> phase 1 user identity is "anonymous_identity", and phase 2 user/passwd is
> "testuser/testuser".

I did take note. So, take an unaltered users file and just add your
line as mentioned above.
Something I found in your previous post led to a failure here. Use
phase2="autheap=MSCHAPV2"
instead of
phase2="auth=MSCHAPV2"
 
Not sure where we configure this phase2="autheap=MSCHAPV2"? Are we at phase 2 yet? I thought we have not passed phase 1... can you pls clarify?

> modcall: entering group authenticate for request 1
> rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
> EAP-request

That does look strange (and might indicate your real problem), if it
still persists with the suggested changes it might be useful to dig
further into that. Perhaps you could add another -x to the freeradius
invocation to get timestamps on the logfile.
 
 
I will test with the above patch and see if we can pass the anonymous identity check problem. If it persists, I will recompile with the original files mentioned above, and test again to give you the full debug logs.
 
Thanks
Rafi

regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



