[RADIATOR] TTLS/EAP setup
Heikki Vatiainen
hvn at open.com.au
Fri Nov 25 14:12:27 UTC 2016
On 25.11.2016 1.00, rohan.henry cwjamaica.com wrote:
> It seems Radiator is not receiving expected response after sending
> access-challenge to NAS (Telrad station).
>
> Does my radiator response look ok?
It does look ok for PEAP. You are receiving EAP-Response/Identity to
which Radiator responds with EAP-Request/PEAP-Start. This looks like
normal PEAP authentication start.
What happens then is that the RADIUS client sends again the same
request. I'd say this means the response from Radiator is dropped,
ignored or, in general, does not reach the RADIUS client (or maybe the
device trying the authenticate with EAP-TTLS).
Maybe the request is dropped because Radiator tries to start PEAP and
only EAP-TTLS is supported and the client does not know how to send NAK
and request EAP-TTLS.
See that your configuration does not have EAPType set to PEAP. Plain
'EAPType TTLS' should be enough.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list