RE: Problems getting eap-mschapv2 working.
Did you generate the certificates that are mentioned
there? The ones that ship with the server are expired, so you have to
generate your own certificate.
What version of FreeRADIUS are you running? Version 1.1.1 fixed a lot
of little PEAP things.
Version 1.1.3 of course is what you should be
running.
Most versions after 1.0.0 have the eap section broken out to a separate file, that has lots of comments in it about generating Certs.
Also, it looks like your actual problem is that you have
re-written the eap section... and missed a
Paren
This is Mine. In yours you have included mschapv2
inside of PEAP. It is its own section, outside of the PEAP
section.
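# Both blocks below are sub-sections of the eap { } module block. They sit at
# the same level as each other: mschapv2 is NOT nested inside peap.
# PEAP runs inside a TLS tunnel, so the tls { } sub-section of eap must also be
# configured with a valid (non-expired) server certificate and key.
peap
{
    # Inner EAP method used inside the PEAP tunnel. The name must match an EAP
    # sub-section configured next to peap (mschapv2 below); if it does not, the
    # server reports "No such EAP type mschapv2".
    default_eap_type = mschapv2
    copy_request_to_tunnel = no
    use_tunneled_reply = yes
    # proxy_tunneled_request_as_eap = yes
}
# EAP-MSCHAPv2 sub-section, declared on its own. No options are set in it here.
mschapv2
{
}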
Been trying to get eap working with peap/mschapv2 but it doesn't
seem to work.
This is my radiusd.conf file:
# Installation layout. Paths are derived from ${prefix}, except localstatedir
# and logdir, which are given as absolute paths.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var/run
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# Request handling limits.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# Listen on every local address.
bind_address = *
# NOTE(review): in FreeRADIUS 1.x, port = 0 is understood to mean "look the
# port up in /etc/services" - confirm for the version in use.
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# With log_auth = no, accepted and rejected logins are not written to
# radius.log, so repeated failed logins leave no record there.
# The two *pass options control whether the password itself is logged;
# keeping them at "no" keeps credentials out of the log file.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
# No case folding or whitespace stripping is applied to user names/passwords.
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
# Protocol-level hardening knobs.
security {
# Upper bound on the number of attributes accepted in one request.
max_attributes = 200
# Seconds to hold back an Access-Reject; slows down password guessing.
reject_delay = 1
# Status-Server requests are not answered.
status_server = no
}
# NOTE(review): clients.conf presumably holds the NAS entries and their shared
# secrets; check that the file is readable only by the account running radiusd.
$INCLUDE ${confdir}/clients.conf
# Worker thread sizing for request handling.
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
# NOTE(review): 0 presumably means a thread is never retired after a fixed
# number of requests - confirm against the stock radiusd.conf comments.
max_requests_per_server = 0
}
# Module instances. The eap block is the part this thread is about.
modules {
eap {
# EAP method used by default. EAP-MD5 does not authenticate the server to the
# client and derives no session keys.
default_eap_type = md5
# NOTE(review): presumably the number of seconds an unfinished EAP
# conversation is remembered - confirm.
timer_expire = 60
md5 {
}
# TLS settings; PEAP is carried inside this TLS layer.
tls {
# NOTE(review): an empty password suggests the private key file is stored
# unencrypted, leaving file permissions as its only protection - confirm.
private_key_password =
private_key_file = /usr/local/etc/raddb/new.cert.key
certificate_file = /usr/local/etc/raddb/new.cert.cert
CA_file = /usr/local/etc/raddb/cacert.pem
# NOTE(review): dh_file is expected to name a Diffie-Hellman parameters file;
# /dev/urandom is a random source, not a parameter file. Check the comments in
# the stock eap.conf for the version in use.
dh_file = /dev/urandom
random_file = /dev/urandom
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = mschapv2
# NOTE(review): mschapv2 is nested inside peap here. The reply in this thread
# identifies that nesting as the cause of "No such EAP type mschapv2": the
# mschapv2 sub-section has to sit directly under eap { }, next to md5, tls and
# peap, not inside peap.
# NOTE(review): authtype, use_mppe, require_encryption and require_strong look
# like options of the separate mschap module rather than of the EAP mschapv2
# sub-section - confirm against the stock radiusd.conf. No mschap module is
# defined anywhere in this modules { } block.
mschapv2 {
authtype = mschapv2
use_mppe = yes
require_encryption = yes
require_strong = yes
}
}
}
files {
usersfile = ${confdir}/users
compat = no
}
# External authenticator: runs the program, hands it the request attribute
# pairs and takes its output as reply pairs. wait = yes makes the server wait
# for the program to finish.
# NOTE(review): the request pairs may include the user's password; confirm what
# cerbauth receives and whether it logs it.
exec cerb {
wait = yes
program = "/usr/local/bin/cerbauth -e freeradius"
input_pairs = request
output_pairs = reply
}
preprocess {
}
}
# Modules consulted, in this order, while a request is being authorized.
authorize {
preprocess
eap
files
}
# Maps each Auth-Type to the module that performs the authentication.
# NOTE(review): there is no mschap entry here. EAP-MSCHAPv2 is generally
# documented as relying on the main mschap module being configured as well -
# confirm against the eap.conf comments for the version in use.
authenticate {
Auth-Type eap {
eap
}
# Handled by the "exec cerb" instance defined in modules { }.
Auth-Type CERB {
cerb
}
}
as you can see, I'm currently working with md5 and this works
perfectly well. But when I set the client and configure the server to
default for peap/tls, then it fails saying:
"No such EAP type mschapv2"
I believe if I can get past this, my system will authenticate
with peap/mschapv2 successfully.
Hope you can
help.
Regards
Ian