[RADIATOR] Trying to get Radiator to work with EAP-TTLS auth

Christopher Chance cchance at newtechgrp.com
Tue Jun 3 12:15:21 CDT 2014 

I'm fighting to get Radiator working with our Cambium ePMP Wireless AP's.

They talk EAP-TTLS for authentication.

I managed to get past my first issue by installing the net:ssleay module from a repository (we're running windows so took a bit of searching to find a copy).

We have Radiator 4.9 installed currently...

Radiator is working with SQL for 1 set of devices we have but I'm trying to get a realm setup for the new EAP-TTLS devices.. (the old devices that do work are just standard radius) ...

When the ttls devices try to connect I get this in the logs
ERR: Could not handle an EAP request: Can't locate object method "response_identity" via package "Radius::EAP_21" at C:/Perl/site/lib/Radius/EAP.pm line 169.
Mon Jun  2 16:16:40 2014: INFO: Access rejected for anonymous at epmp.test.net<mailto:anonymous at epmp.test.net>: Could not handle an EAP request
Config for the TTLS stuff is the below, though I don't think it's a config issue...

Really appreciate any assistance everyone can give me thanks.

Users-eap  has a line that says anonymous
And users-eap2 has a line with username User-Password password

Config i added...
<Realm epmp.test.net>
                AuthByPolicy ContinueWhileIgnore

                <AuthBy FILE>
                                CachePasswordExpiry 86400
                                EAPAnonymous %0
                                EAPContextTimeout 1000
                                EAPFAST_PAC_Lifetime 7776000
                                EAPFAST_PAC_Reprovision 2592000
                                EAPTLS_MaxFragmentSize 2048
                                EAPTLS_PEAPVersion 0
                                EAPTLS_SessionResumption 1
                                EAPTLS_SessionResumptionLimit 43200
                                EAPTLS_VerifyDepth 1
                                EAPTTLS_NoAckRequired 1
                                EAPType TTLS
                                EAPType TLS
                                EAPType LEAP
                                Filename %D/users-eap
                                PasswordPrompt password
                                SIPDigestRealm DefaultSipRealm
                </AuthBy>

                <Log FILE>
                                Filename %L/eaplog
                                Trace 4
                </Log>
</Realm>

<Handler TunnelledByTTLS=1,Realm=epmp.test.net>
                AuthByPolicy ContinueWhileIgnore

                <AuthBy FILE>
                                CachePasswordExpiry 86400
                                EAPAnonymous anonymous
                                EAPContextTimeout 1000
                                EAPFAST_PAC_Lifetime 7776000
                                EAPFAST_PAC_Reprovision 2592000
                                EAPTLS_MaxFragmentSize 2048
                                EAPTLS_PEAPVersion 0
                                EAPTLS_SessionResumption 1
                                EAPTLS_SessionResumptionLimit 43200
                                EAPTLS_VerifyDepth 1
                                Filename %D/users-eap2
                                PasswordPrompt password
                                SIPDigestRealm DefaultSipRealm
                                UsernameMatchesWithoutRealm 1
                </AuthBy>

                <Log FILE>
                                Filename %L/eaplog2
                                Trace 4
                </Log>
</Handler>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20140603/99f8cf0e/attachment.html

More information about the radiator mailing list