Re: Weird Wifi problem -- WPA-EAP TTLS fails

> On Fri, 20 May 2011 20:47:21 -0400
> Andrew Reid <reidac@bellatlantic.net> wrote:
> >   So, apologies for the long-windedness, but what can cause EAP to
> > fail?  Do I need to add some libraries with more authentication
> > schemes in them somehow?  Obviously I have all the dependencies of
> > wpa_supplicant, but is there something else?
>
> I don't know if I can be of much help, as I'm running EAP-TLS with
> FreeRADIUS, but you don't have any other takers yet. And all I can
> suggest is that you probably won't solve this without seeing the RADIUS
> logs, on what I assume is a Windows server, and I've no idea what they
> call RADIUS these days. It used to be IAS on Server 2003, and I've
> never had anything to do with that.

  The WAP itself is part of a Cisco Enterprise system. I'm not
sure what the back-end authentication is; our workplace duplicates
enterprise passwords across many authentication engines (to reduce
password proliferation, a goal I heartily endorse).  I do know that
the Mac I used was not any kind of Windows domain member, and the
Debian laptop also is not.

  I've put in a support query for the server-side logs, but
the first-line support's response is "it works on the Mac, our
system is fine, Linux is not supported," and I have to admit that
for a support team with scarce resources, that's not an absurd
answer.  I have asked them specifically for the authentication
logs (and given them a precise time of the failed attempt and
the originating MAC address), but haven't heard back on that yet.

  I've googled around a bit more since my initial post, and I'm
starting to think I might actually be able to parse the wpa_supplicant
logs, and maybe sharpen my question, possibly by figuring out where in
the EAP framework it's coming undone.

  What I suspect has happened is that the "squeeze" wpa_supplicant has
some kind of new default that's breaking the process, and if I can just
figure out what it is and set it to work like "lenny" did, I'll be
fine.  But, wpa_supplicant's option space is pretty big.

  I think I may be able to scare up another Linux laptop, and may
even be able to get "lenny" on there, to try to close in on this.

  Anyways, thanks for your reply, mostly just thinking out loud here...

			           -- A.
Andrew Reid / reidac@bellatlantic.net

