0

I setup successfully an enterprise wifi connection with LDAP authentication by the mediation of Freeradius. I used EAP-TTLS PAP because I have hashed passwords in my OpenLDAP directory. In case I used TKIP algorithm in my router for that WPA2 access point, everything goes very well and the clients can connect from my android phone just normally. (till know all clients are just android phones).

BUT when I use AES, the clients cannot connect any more, and I don't know why, the log seems very good, and I tried and searched a lot with unfortunatelly no success.

Here is my Freeradius log: http://pastebin.com/gF1tBGkM

You may ask why I want AES.. that is because MICROSOFT windows does NOT have TKIP algorithm for enterprise WPA2 connections. (may be just to annoy us and make the matter harder). I tried all the open source free third party software to be able to use the not supported protocols, but they where all very old and they didn't work, and I am trying to do everything natively without any thrid party software.

Could anybody help me please to find any solution for that? (to get my client connects successfully with AES).

Regards

Mohammed Noureldin
  • 491
  • 1
  • 9
  • 24

1 Answers1

0

Given that FreeRADIUS returns an Access-Accept, there are limited things that could have caused this. One of the following is fairly likely:

  1. There is an issue with your EAP certificates. Have you got EKU tls server OID included? Windows is very picky about this.

  2. FreeRADIUS is compiled against a broken version of OpenSSL (your FreeRADIUS 2.1.12 is ancient; you should upgrade to at least 2.2.9).

But otherwise you'll need to look elsewhere to debug this - the NAS or Windows logs.

However, as it was working with TKIP and the only thing you have changed is this to AES, that points to FreeRADIUS likely not being the problem and you should look elsewhere.

Matthew Newton
  • 137
  • 7