Thanks for your help.
I've followed the tutorial at deploying radius.conf, but there I don't
see any indication on how to enable TTLS. Should it be working out of
the box?
The only sections I modified from the default config is the radiusd.conf
to set my ldap parameters and the inner-tunnel config file to
uncomment the ldap authentication lines.
I understand that ttls is not being enabled in the default virtual host,
could you provide an example on how to enable it?
Thank you very much for your help and time.
Alan DeKok escribió:
Matias wrote:
I've an Acces Point configured to ask my radius server for
authentication, this servers uses as a backend an openldap server with
SSHA passwords on it. I've followed all the manuals and documentation
I've found and I can't get this to work.
http://deployingradius.com
There is a step-by-step guide to getting EAP to work.
The problem as far as I can see is related to the outer tunnel, it seems
that the user "anonymous" cannot be authenticated and everthing ends
there.
No. The debug log clearly shows what the problem is.
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: NAK asked for unsupported type 21
Type 21 is TTLS.
rlm_eap: No common EAP types found.
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
You have not configured the server to support TTLS. So... it doesn't
do TTLS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html