On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote: Hi,
freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3) Konfigured as wpa-eap tls with identity and password.
EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS?
radius-tls.log (35) Invalid user: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) (35) Rejected in post-auth: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) (35) Login incorrect: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) As you can see the User-Password attribute is missing. Although the password in nmcli was set. This is what nmcli is responding with: nmcli device connect wlan0 Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option. Error: Connection activation failed: (7) Secrets were required, but not provided. nmcli -a device connect wlan0 Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Identity (802-1x.identity): testUser1 Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Private key password (802-1x.private-key-password): Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Identity (802-1x.identity): testUser1 Even here no user password is asked!!! I created a new user without password. Although the radius server accepted the authentication no connection was established!!! It confused me so I checkt if a wpa eap ttls-pap would work. After reconfiguration of nmcli and radius server it worked without problems. So I think this is only a tls problem.
Yes, EAP-TLS only uses certificates and not passwords. Beniamino
Attachment:
signature.asc
Description: PGP signature