EAP method not allowed (MD5), trying to do EAP-AKA auth.

Ben Greear greearb
Fri Sep 5 12:13:12 PDT 2014


On 09/05/2014 10:48 AM, Ben Greear wrote:
> Any idea why this might be failing?  We do not see this when using
> hostapd as a radius server, but another user sees the problem on
> their radius server.
> 
> Interestingly, if my user uses a different AP, then things work,
> but when we use the exact same AP/firmware, it works for us.
> 
> Could be AP config differences (and bugs), as we cannot exactly replicate
> their setup for testing...

More debugging makes me suspect the AP is not handling the NAK properly.
Two different AC AP had same issue, so either they are both broken
similarly, or perhaps there is something wrong with the NAK message.

Our system works internally because it never even tries MD5, just goes
straight to AKA.  Seems to be no good way to make the user's radiusd
do the same.

We'll try yet more APs to see if we can find one that works.

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com




More information about the Hostap mailing list