On Mon, Dec 12, 2011 at 6:30 PM, Ryan Garland <she...@gmail.com> wrote: > > Thanks for the response, Alan. > > It turns out part of my issue was certificate related. This has been > resolved, but eapol_test continues to fail for a different reason. > However, I am having trouble determining a fix. > > Attached is the eapol_test configuration, debug output, FreeRADIUS > configuration & debug output. > > It appears that the relevant portion of the FreeRADIUS debug output is: > > Found Auth-Type = EAP > # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/md5 > [eap] processing type md5 > rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication > [eap] Handler failed in EAP/md5 > [eap] Failed in EAP select > ++[eap] returns invalid > Failed to authenticate the user. > } # server inner-tunnel > [ttls] Got tunneled reply code 3 > EAP-Message = 0x04010004 > Message-Authenticator = 0x00000000000000000000000000000000 > [ttls] Got tunneled Access-Reject > [eap] Handler failed in EAP/ttls > rlm_eap_ttls: Freeing handler for user ryan > [eap] Failed in EAP select > ++[eap] returns invalid > Failed to authenticate the user. > > I am having an even more difficult time deciphering the eapol_test > debug output - I just see the EAP failure from the radius server. > > I have also tried commenting out 'virtual_server = "inner-tunnel"' in > the ttls section of eap.conf to force it to use default (as the > documentation inside the "default" virtual server would seem to imply > I should do) and I get the same result. I may be mis-reading it, > however. > > Do you see something glaringly wrong? I appreciate any insight you can > provide.
Sorry, I should have been more clear. I'm not sure what my options are with regards to Cleartext-Password and using EAP-MD5, if that is indeed what is causing the failure. I am attempting to get eapol_test to work since it sounds like this should be my first priority. The OS X supplicant continues not to respond to the Access-Challenge even though its profile is set up with the corrected ca.der - but, one step at a time. -RG - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html