
Re: Weird Wifi problem -- WPA-EAP TTLS fails



On Fri, 20 May 2011 20:47:21 -0400
Andrew Reid <reidac@bellatlantic.net> wrote:

> 
>   So, apologies for the long-windedness, but what can cause EAP to
> fail?  Do I need to add some libraries with more authentication
> schemes in them somehow?  Obviously I have all the dependencies of
> wpa_supplicant, but is there something else?
> 

I don't know if I can be of much help, as I'm running EAP-TLS with
FreeRADIUS, but you don't have any other takers yet. And all I can
suggest is that you probably won't solve this without seeing the RADIUS
logs, on what I assume is a Windows server, and I've no idea what they
call RADIUS these days. It used to be IAS on Server 2003, and I've
never had anything to do with that.

Is the MacBook a domain member, and is your machine? Some Windows
facilities are available only to domain members, and this may be one.
At the very least, RADIUS requires both human and machine to be named
in its server configuration. EAP-(T)TLS isn't just something a step up
from WPA(2), it uses a separate authentication server, and a Windows
one is tied into Active Directory. You clearly have an account, but
does your computer? If so, then the RADIUS logs will tell you what
authentication is missing.

It's possible for a non-domain computer to connect to a Windows VPN or
at least was with 2003. Do you do that? If so then you should have the
necessary authentication measures installed, if not actually configured
yet, though I believe everything necessary has been in the kernel for
some years now. I'm afraid I use the Not-Work Manager on Ubuntu to make
the connection, and I'm not logging in to Windows, and EAP-TLS is
heavy on certificates, so my configurations will be of no use to you.
EAP-TTLS also uses a certificate, but on the server only, the idea of
TTLS being that you don't need to install anything on the client.

-- 
Joe

