Problems getting eap-mschapv2 working.
King, Michael
MKing at bridgew.edu
Fri Sep 1 15:34:35 CEST 2006
Did you generate the certificates that are mentioned there? The ones
that ship with the server are expired, so you have to generate your own
certificate.
What version of FreeRADIUS? Version 1.1.1 fixed a lot of little PEAP
things.
Version 1.1.3 of course is what you should be running.
Most versions after 1.0.0 have the eap section broken out to a separate
file, that has lots of comments in it about generating Certs.
Also, it looks like your actual problem is that you have re-written the
eap section... and missed a Paren
This is Mine. In yours you have included mschapv2 inside of PEAP. It
is its own section, outside of the PEAP section.
# PEAP sub-section of eap. Its default_eap_type picks the EAP method used
# inside the tunnel, which is separate from eap's own default_eap_type.
peap {
default_eap_type = mschapv2
# Outer-request attributes are not copied into the tunneled request.
copy_request_to_tunnel = no
# Reply attributes produced inside the tunnel are used for the final reply.
use_tunneled_reply = yes
# proxy_tunneled_request_as_eap = yes
}
# mschapv2 is declared beside peap, as its own sub-section of eap.
# It is left empty here, so it loads with no options set.
mschapv2 {
}
________________________________
From:
freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org]
On Behalf Of Ian Walker
Sent: Friday, September 01, 2006 8:36 AM
To: freeradius-users at lists.freeradius.org
Subject: Problems getting eap-mschapv2 working.
Been trying to get eap working with peap/mschapv2 but it doesn't
seem to work.
This is my radiusd.conf file:
# Install layout: the paths below are built from prefix through ${...} expansion.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var/run
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# Request handling limits.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# "*" listens on every local address. port = 0 presumably leaves the port
# to the /etc/services lookup - confirm for the version in use.
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
# Authentication logging is switched off. With both *pass options at "no",
# submitted passwords are not written to radius.log. Note that log_auth = no
# also means failed attempts leave no audit trail in that file.
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
# Cap on the number of attributes accepted in one packet.
max_attributes = 200
# Seconds to hold back a reject, which slows repeated guessing.
reject_delay = 1
status_server = no
}
# Pulls in clients.conf (not shown in this post). Presumably it holds the
# NAS client entries and their shared secrets - keep it readable only by
# the account the server runs as.
$INCLUDE ${confdir}/clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# Module instances. The eap section below is the one the reply in this
# thread says was rewritten incorrectly.
modules {
eap {
# md5 is the outer default here; the poster reports that this setup works.
default_eap_type = md5
timer_expire = 60
md5 {
}
# TLS settings, which PEAP relies on for its tunnel.
# NOTE(review): the "name =" / value pairs split over two lines below look
# like mail-client wrapping; in the real file each would presumably sit on
# one line - confirm against the original.
tls {
# Empty password: presumably the key file is stored unencrypted, so file
# permissions are its only protection - confirm.
private_key_password =
private_key_file =
/usr/local/etc/raddb/new.cert.key
certificate_file =
/usr/local/etc/raddb/new.cert.cert
CA_file =
/usr/local/etc/raddb/cacert.pem
# NOTE(review): dh_file names /dev/urandom, the same device as random_file.
# A file of generated DH parameters is normally expected here - verify.
dh_file = /dev/urandom
random_file = /dev/urandom
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = mschapv2
# mschapv2 is nested inside peap here. The reply in this thread says it
# must be its own section outside peap, which fits the reported
# "No such EAP type mschapv2" error.
# NOTE(review): authtype / use_mppe / require_encryption / require_strong
# look like options of the separate mschap module rather than of eap's
# mschapv2 sub-section - verify against the shipped eap.conf.
mschapv2 {
authtype = mschapv2
use_mppe = yes
require_encryption = yes
require_strong = yes
}
}
}
files {
usersfile = ${confdir}/users
compat = no
}
# Runs an external program and waits for it (wait = yes). It is handed the
# request attribute pairs, and its output is applied to the reply pairs.
exec cerb {
wait = yes
program = "/usr/local/bin/cerbauth -e
freeradius"
input_pairs = request
output_pairs = reply
}
preprocess {
}
}
# Authorization runs preprocess, then eap, then files, in the order listed.
authorize {
preprocess
eap
files
}
# Maps each Auth-Type to the module that handles it.
# NOTE(review): neither an mschap module instance nor an Auth-Type entry
# for it appears in this file. EAP-MSCHAPv2 normally hands the inner
# authentication to that module - verify once the eap section loads.
authenticate {
Auth-Type eap {
eap
}
Auth-Type CERB {
cerb
}
}
as you can see, I'm currently working with md5 and this works
perfectly well. But when I set the client and configure the server to
default for peap/tls, then it fails saying:
"No such EAP type mschapv2"
I believe if I can get past this, that my system will
authenticate with peap/mschapv2 successfully.
Hope you can help.
Regards
Ian