drn05r
commented
3 years ago We were running a rather old version of WPA Supplicant's eapol_test (2.4 or earlier). After upgrading auth2 to 18.04, we needed to sort out FreeRadius config for 3.0. As this still led to issues with various checks failing, I contacted eduroamUK and we figured our that we were running such an old version of eapol_test. Compling an new eapol_test from WPA Supplicant fixed the issues we were having with checks to roaming{0,1}.ja.net that had started failing in the last few months and also the checks to the ODI that had failed for sometimes. I consequently looked into whether this fixed these ttls checks still needed the retry with the ignoring of MPPE keys warning. It did not. I will keep the code for this in the check_eapol but leave it commented out for now.
Since upgrading to Ubuntu 16.04 ttls-mschav2 check has been failing. Prior to this the ttls-eap-mschapv2 has been failing. This was 'fixed' by doing the following:
"It looks as though authentication is still successful but a warning about MPPE keys is generated which prevents the check from seeing the SUCCESS output. cmalton has hacked the check_eapol script to run a second time without doing an MPPE key check in certain cases. We need to review this to make sure this fixes the issue in all cases and does not generate excessive eapol_tests to run "when there are authentication issues."