[RADIATOR] Trying to get Radiator to work with EAP-TTLS auth

Christopher Chance cchance at newtechgrp.com
Wed Jun 4 11:09:57 CDT 2014


OK, I copied straight from the goodies (eap_misc, I think) and even used certificates, and I'm still getting that error:

EAP authentication is not Permitted

The current config is below. Just to clarify, I have it working in FreeRADIUS, but want to use our Radiator.

<Handler TunnelledByTTLS=1,Realm=epmp.test.net>
    AuthByPolicy ContinueWhileIgnore

    <AuthBy FILE>
        Filename %D/users-eap2
        # This tells the PEAP client what types of inner EAP requests
        # we will honour
        EAPType MSCHAP-V2,MD5,TLS,TTLS
        # Need these for TLS
        EAPTLS_CAFile %D/ca.pem
        EAPTLS_CertificateFile %D/server.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/server.pem
        EAPTLS_PrivateKeyPassword whatever
    </AuthBy>

    <Log FILE>
        Filename %L/eaplog2
        Trace 4
    </Log>
</Handler>

<Handler Realm=epmp.test.net>
    AuthByPolicy ContinueWhileIgnore

    <AuthBy FILE>
        Filename %D/users-eap
        EAPType TTLS,TLS,MD5,MSCHAP-V2
        EAPTLS_CAFile %D/ca.pem
        EAPTLS_CertificateFile %D/server.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/server.pem
        EAPTLS_PrivateKeyPassword whatever
        EAPTLS_MaxFragmentSize 1000.
        AutoMPPEKeys
        EAPTLS_PEAPVersion 0
        EAPTLS_PEAPBrokenV1Label
    </AuthBy>

    <Log FILE>
        Filename %L/eaplog
        Trace 4
    </Log>
</Handler>

Best regards,

Chris Chance
Network Engineer - CaribServe

Phone: +1 721 542-4233
Email:   cchance at newtechgrp.com

From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
Sent: Tuesday, June 3, 2014 1:59 PM
To: Christopher Chance; radiator at open.com.au
Subject: Re: [RADIATOR] Trying to get Radiator to work with EAP-TTLS auth

Your handlers need to be the other way around. The inner needs to be listed first. See the goodies directory for example. I'd advise an upgrade too.

alan
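
An added example (not part of the original messages and not Radiator's own code) of the ordering point in Alan Buxey's reply: a Python check that flags a Handler that can never be reached because an earlier Handler already matches the same requests. It assumes Radiator uses the first Handler whose check items all match, and it compares check items as exact strings only (no regex values); the function names are hypothetical.

```python
import re

# Matches opening <Handler ...> lines only; </Handler> does not match.
HANDLER_RE = re.compile(r"^\s*<Handler\b([^>]*)>", re.MULTILINE)

def parse_handlers(config_text):
    """Return one dict of check items per <Handler ...> clause, in file order."""
    handlers = []
    for match in HANDLER_RE.finditer(config_text):
        items = {}
        for pair in filter(None, (p.strip() for p in match.group(1).split(","))):
            name, _, value = pair.partition("=")
            items[name.strip()] = value.strip()
        handlers.append(items)
    return handlers

def shadowed_handlers(handlers):
    """Return (earlier, later) index pairs where the later Handler is unreachable.

    Assumption: the first matching Handler wins, so a later Handler is
    shadowed when an earlier one requires only a subset of its check items
    (a Handler with no check items matches every request).
    """
    pairs = []
    for later, later_items in enumerate(handlers):
        for earlier in range(later):
            if handlers[earlier].items() <= later_items.items():
                pairs.append((earlier, later))
                break
    return pairs

# Constructed samples: the two Handler lines from the post, in both orders.
OUTER_FIRST = """
<Handler Realm=epmp.test.net>
</Handler>
<Handler TunnelledByTTLS=1,Realm=epmp.test.net>
</Handler>
"""
INNER_FIRST = """
<Handler TunnelledByTTLS=1,Realm=epmp.test.net>
</Handler>
<Handler Realm=epmp.test.net>
</Handler>
"""

if __name__ == "__main__":
    for label, text in (("outer first", OUTER_FIRST), ("inner first", INNER_FIRST)):
        print(label, "->", shadowed_handlers(parse_handlers(text)))
```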