networking - [Freeradius][EAP] Issues using EAP-GTC for inner phase 2 authentication


I am trying to set up EAP-TTLS/GTC authentication. In phase 1, the server offers EAP-TTLS and the client accepts it. The client is set to automatic phase 2, and I expect the server to offer GTC phase 2 authentication, but that is not happening. Can someone help me figure out what is missing in the conf file?

    eap {
            default_eap_type = ttls
            timer_expire     = 60
            ignore_unknown_eap_types = no
            cisco_accounting_username_bug = no
            max_sessions = 4096
            md5 {
            }
            leap {
            }
            gtc {
                    auth_type = local
            }
            tls {
                    certdir = ${confdir}/certs_freeradius2
                    cadir = ${confdir}/certs_freeradius2
                    private_key_password = radius
                    private_key_file = /etc/freeradius/certs/server.key
                    certificate_file = /etc/freeradius/certs/server.pem
                    ca_file = /etc/freeradius/certs/ca.pem
                    dh_file = ${certdir}/dh
                    random_file = ${certdir}/random
                    fragment_size = 1024
                    include_length = yes
                    cipher_list = "default"
                    make_cert_command = "${certdir}/bootstrap"
                    cache {
                    }
            }
            ttls {
                    default_eap_type = gtc
                    copy_request_to_tunnel = yes
                    use_tunneled_reply = yes
                    virtual_server = "inner-tunnel"
            }
            peap {
                    default_eap_type = mschapv2
                    copy_request_to_tunnel = yes
                    use_tunneled_reply = yes
                    proxy_tunneled_request_as_eap = yes
                    virtual_server = "inner-tunnel"
            }
            mschapv2 {
            }
    }

The other thing to point out is that I see GTC initiation and processing in radius.log, but I don't think phase 2 is successful.

    73 wed aug  5 16:22:48 2015 : debug:  module: linked sub-module rlm_eap_gtc
    74 wed aug  5 16:22:48 2015 : debug:  module: instantiating eap-gtc
    75 wed aug  5 16:22:48 2015 : debug:    gtc {
    76 wed aug  5 16:22:48 2015 : debug:       challenge = "password: "
    77 wed aug  5 16:22:48 2015 : debug:       auth_type = "local"
    78 wed aug  5 16:22:48 2015 : debug:    }
    79 wed aug  5 16:22:48 2015 : debug:  module: linked sub-module rlm_eap_tls
    80 wed aug  5 16:22:48 2015 : debug:  module: instantiating eap-tls
    81 wed aug  5 16:22:48 2015 : debug:    tls {
    82 wed aug  5 16:22:48 2015 : debug:       rsa_key_exchange = no
    83 wed aug  5 16:22:48 2015 : debug:       dh_key_exchange = yes
    84 wed aug  5 16:22:48 2015 : debug:       rsa_key_length = 512
    85 wed aug  5 16:22:48 2015 : debug:       dh_key_length = 512
    106 wed aug  5 16:22:48 2015 : debug:  module: instantiating eap-ttls
    107 wed aug  5 16:22:48 2015 : debug:    ttls {
    108 wed aug  5 16:22:48 2015 : debug:       default_eap_type = "gtc"
    109 wed aug  5 16:22:48 2015 : debug:       copy_request_to_tunnel = no
    110 wed aug  5 16:22:48 2015 : debug:       use_tunneled_reply = no
    111 wed aug  5 16:22:48 2015 : debug:       virtual_server = "inner-tunnel"
    112 wed aug  5 16:22:48 2015 : debug:       include_length = yes
    113 wed aug  5 16:22:48 2015 : debug:    }
    552 wed aug  5 16:25:43 2015 : info: [eap] eap identity
    553 wed aug  5 16:25:43 2015 : info: [eap] processing type gtc
    554 wed aug  5 16:25:43 2015 : info: ++[eap] returns handled
    555 wed aug  5 16:25:43 2015 : info: [ttls] got tunneled access-challenge
    556 wed aug  5 16:25:43 2015 : info: ++[eap] returns handled
    557 wed aug  5 16:25:43 2015 : info: finished request 5.
    558 wed aug  5 16:25:43 20
    wed aug  5 16:25:43 2015 : info: [pap] warning: auth-type set.  not setting pap
    612 wed aug  5 16:25:43 2015 : info: ++[pap] returns noop
    613 wed aug  5 16:25:43 2015 : info: found auth-type = eap
    614 wed aug  5 16:25:43 2015 : info: # executing group file /etc/freeradius/sites-enabled/inner-tunnel
    615 wed aug  5 16:25:43 2015 : info: +- entering group authenticate {...}
    616 wed aug  5 16:25:43 2015 : info: [eap] request found, released list
    617 wed aug  5 16:25:43 2015 : info: [eap] eap/gtc
    618 wed aug  5 16:25:43 2015 : info: [eap] processing type gtc
    619 wed aug  5 16:25:43 2015 : debug:   rlm_eap_gtc: ok.
    620 wed aug  5 16:25:43 2015 : info: [eap] freeing handler
    621 wed aug  5 16:25:43 2015 : info: ++[eap] returns ok
    622 wed aug  5 16:25:43 2015 : auth: login ok: [cros] (from client 172.16.10.3 port 0 via tls tunnel)
    623 wed aug  5 16:25:43 2015 : info:   warning: empty post-auth section.  using default return values.
    624 wed aug  5 16:25:43 2015 : info: # executing section post-auth file /etc/freeradius/sites-enabled/inner-tunnel
    625 wed aug  5 16:25:43 2015 : info: [ttls] got tunneled access-accept

The debug log you've posted indicates auth completed successfully.

[ttls] got tunneled access-accept indicates that phase 2 completed successfully: a positive authentication response.
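
An added example, not part of the original question or answer: a small Python check that reads the ttls settings the server reports loading and the tunneled results from debug lines like those above, then compares the loaded values with the posted eap.conf. The log lines and config values are copied from the post; the names `parse` and `drift` are hypothetical.

```python
import re

# Excerpt of the debug log posted in the question (leading numbers are the poster's).
LOG = """\
107 wed aug  5 16:22:48 2015 : debug:    ttls {
108 wed aug  5 16:22:48 2015 : debug:       default_eap_type = "gtc"
109 wed aug  5 16:22:48 2015 : debug:       copy_request_to_tunnel = no
110 wed aug  5 16:22:48 2015 : debug:       use_tunneled_reply = no
111 wed aug  5 16:22:48 2015 : debug:       virtual_server = "inner-tunnel"
113 wed aug  5 16:22:48 2015 : debug:    }
555 wed aug  5 16:25:43 2015 : info: [ttls] got tunneled access-challenge
622 wed aug  5 16:25:43 2015 : auth: login ok: [cros] (from client 172.16.10.3 port 0 via tls tunnel)
625 wed aug  5 16:25:43 2015 : info: [ttls] got tunneled access-accept
"""
# ttls settings as written in the posted eap.conf
CONFIGURED_TTLS = {"default_eap_type": "gtc", "copy_request_to_tunnel": "yes",
                   "use_tunneled_reply": "yes", "virtual_server": "inner-tunnel"}
# "<optional line no> <timestamp> : <level>: <message>"
LINE = re.compile(r"^\s*(?:\d+\s+)?\w{3} \w{3}\s+\d+ [\d:]+ \d{4} : (\w+):\s*(.*?)\s*$")

def parse(log):
    """Return (loaded ttls settings, tunneled results in order, inner-tunnel logins)."""
    effective, tunneled, logins, in_ttls = {}, [], [], False
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # truncated or foreign line
        level, msg = m.groups()
        if msg == "ttls {":
            in_ttls = True
        elif in_ttls and msg == "}":
            in_ttls = False
        elif in_ttls and " = " in msg:
            key, value = msg.split(" = ", 1)
            effective[key] = value.strip('"')
        elif msg.startswith("[ttls] got tunneled "):
            tunneled.append(msg.rsplit(" ", 1)[1])
        elif level == "auth" and msg.startswith("login ok:") and "via tls tunnel" in msg:
            logins.append(msg[msg.index("[") + 1:msg.index("]")])
    return effective, tunneled, logins

def drift(configured, effective):
    """Settings whose loaded value differs from the value in the config file."""
    return {k: (v, effective[k]) for k, v in configured.items()
            if k in effective and effective[k] != v}

if __name__ == "__main__":
    eff, results, users = parse(LOG)
    print("phase 2 result:", results[-1] if results else "none", "| users:", users)
    print("configured vs loaded:", drift(CONFIGURED_TTLS, eff))
```

On the posted excerpts the last tunneled result is access-accept for user cros, and the comparison shows that the log reports `copy_request_to_tunnel` and `use_tunneled_reply` as `no` while the posted eap.conf sets both to `yes`.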

