On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote: Hi, > freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3) > Konfigured as wpa-eap tls with identity and password.
EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS? > radius-tls.log > (35) Invalid user: [testUser1/<no User-Password attribute>] (from client > 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > (35) Rejected in post-auth: [testUser1/<no User-Password attribute>] (from > client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > (35) Login incorrect: [testUser1/<no User-Password attribute>] (from client > 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > > As you can see the User-Password attribute is missing. Although the password > in nmcli was set. > > This is what nmcli is responding with: > nmcli device connect wlan0 > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli > cannot ask without '--ask' option. > Error: Connection activation failed: (7) Secrets were required, but not > provided. > > nmcli -a device connect wlan0 > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Identity (802-1x.identity): testUser1 > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Private key password (802-1x.private-key-password): > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Identity (802-1x.identity): testUser1 > > Even here no user password is asked!!! > > I created a new user without password. Although the radius server accepted > the authentication no connection was established!!! > > It confused me so I checkt if a wpa eap ttls-pap would work. > After reconfiguration of nmcli and radius server it worked without problems. > So I think this is only a tls problem. Yes, EAP-TLS only uses certificates and not passwords. Beniamino
signature.asc
Description: PGP signature
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list