WPA2/AES + MSCHAPv2 + FreeRADIUS + NO AD/LDAP - Help w/ Local Config

cregester cregester at unitypg.com
Fri Jul 20 23:07:03 CEST 2007


Good afternoon,

I have a configuration scenario that I have researched all day long (8+
hours now) and cannot solve. I know I must be missing something simple, but
I'm not sure what that is.

The environment is a small business location with Cisco 1130AG Access
Points. We currently use LEAP using the built-in RADIUS server of the
Cisco 1130AG, but need to move to an MSCHAPv2 solution for software
compatibility reasons. This remote branch has no need for Active Directory
due to cost/size so I essentially want to store usernames/passwords in the
users.conf file I believe.

The problem I have is that when I try to establish the connection from the
Windows machine to the AP/FreeRADIUS, I can see the activity in FreeRADIUS
debug, but it never authenticates. I can get a whole range of errors based
on different configs I have tried, but I think the problem is rooted in the
fact that it keeps inserting the computer name in front of the username. For
example MYCOMPUTER\Bob. This is a problem because I just want usernames to
authenticate no matter what computer they access from. Bob should be able to
authenticate from a number of PCs.

The most recent error received is:

rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
Login incorrect: [MYPCNAME\Username/<no User-Password attribute>] (from client TEST-AP port 464 cli 0016.e3af.2388)

I appreciate any insight anyone can provide. As I mentioned, I looked around
all day for a similar setup, but all I found were scenarios utilizing
backend authentication databases like LDAP or Active Directory.

Thanks in advance,

Craig