Re: nmcli can't establish connection to radius server with wpa eap tls



Hi,
That EAP-TLS isn't supporting passwords may be the case.

I configured my freeradius server without passwords and set in nmcli the password-flag to 4 (no password required).

I got the same error as I had before.

nmcli device connect wlan0 
Passwords or encryption keys are required to access the wireless network 'Linksys02355'. 
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option. 
Error: Connection activation failed: (7) Secrets were required, but not provided

Although my radius server tells me that it accepts the authentication sent from nmcli.

Is there something else that I'm missing?

Iris


On 21.02.2018 09:24, Beniamino Galvani <bgalvani redhat com> wrote:

On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote:
Hi,

> freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3)
> Configured as wpa-eap tls with identity and password.

EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS?

> radius-tls.log
> (35)   Invalid user: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Rejected in post-auth: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Login incorrect: [testUser1/<no User-Password attribute>] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
>
> As you can see the User-Password attribute is missing. Although the password in nmcli was set.
>
> This is what nmcli is responding with:
> nmcli device connect wlan0
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
> Error: Connection activation failed: (7) Secrets were required, but not provided.
>
> nmcli -a  device connect wlan0
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Identity (802-1x.identity): testUser1
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Private key password (802-1x.private-key-password):
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Identity (802-1x.identity): testUser1
>
> Even here no user password is asked!!!
>
> I created a new user without password. Although the radius server accepted the authentication no connection was established!!!
>
> It confused me so I checked if a wpa eap ttls-pap would work.
> After reconfiguration of nmcli and radius server it worked without problems.
> So I think this is only a tls problem.

Yes, EAP-TLS only uses certificates and not passwords.

Beniamino
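
An added example, not part of the thread and not NetworkManager's own code: a shell check over the 802-1x fields of a stored profile that reports which EAP-TLS items are unset and notes a stored `802-1x.password`, which EAP-TLS does not use. The set of fields treated as required and the `key:value` input (as printed by `nmcli -t -f 802-1x connection show <profile>`) are assumptions of this example; the sample profile and its paths are constructed.

```shell
#!/bin/sh
# Audit the 802-1x block of a NetworkManager profile for EAP-TLS.
# stdin: "key:value" lines. Returns 0 = complete, 1 = something missing,
# 2 = profile is not EAP-TLS. Field requirements are this example's assumption.
check_eap_tls_profile() {
    eap= identity= cert= key= key_pw= flags=0 password= missing=0
    while IFS= read -r line; do
        name=${line%%:*}
        val=${line#*:}
        case $val in --) val= ;; esac          # "--" marks an unset value
        case $name in
            802-1x.eap) eap=$val ;;
            802-1x.identity) identity=$val ;;
            802-1x.client-cert) cert=$val ;;
            802-1x.private-key) key=$val ;;
            802-1x.private-key-password) key_pw=$val ;;
            802-1x.private-key-password-flags) flags=${val%% *} ;;
            802-1x.password) password=$val ;;
        esac
    done
    case $flags in ''|*[!0-9]*) flags=0 ;; esac # keep the arithmetic safe
    if [ "$eap" != "tls" ]; then
        echo "SKIP: 802-1x.eap is '$eap', not tls"
        return 2
    fi
    for pair in "802-1x.identity=$identity" "802-1x.client-cert=$cert" \
                "802-1x.private-key=$key"; do
        if [ -z "${pair#*=}" ]; then
            echo "MISSING: ${pair%%=*}"
            missing=1
        fi
    done
    # Key passphrase: either stored, or flagged 4 (not required).
    if [ -z "$key_pw" ] && [ $((flags & 4)) -eq 0 ]; then
        echo "MISSING: 802-1x.private-key-password (flags=$flags)"
        missing=1
    fi
    if [ -n "$password" ]; then
        echo "NOTE: 802-1x.password is set, but EAP-TLS uses certificates only"
    fi
    return $missing
}

# Constructed sample profile: identity unset, passphrase flagged not required.
sample_profile() {
    printf '%s\n' '802-1x.eap:tls' '802-1x.identity:' \
        '802-1x.client-cert:/etc/ssl/example/client.pem' \
        '802-1x.private-key:/etc/ssl/example/client.key' \
        '802-1x.private-key-password:' \
        '802-1x.private-key-password-flags:4 (not required)' \
        '802-1x.password:<hidden>'
}
```
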



