Alan DeKok wrote:
Andrew Rowson wrote:Ok, I updated the radcheck table in mysql so that the atttibute read "Cleartext-Password". I now get a different result when trying to log in from the wlan:...rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.Please post the *previous* debug messages, which indicate *why* the user was rejected.
A complete output dump from freeradius is quite long, so I've hosted it at http://public.growse.com/radiusd.log
Looking over it, it seems that a problem comes up with the MSCHAP bit: rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for growse with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 14This appears to imply that there's no User-Password entry found anywhere for the user in the database. This would be correct, as the attribute in the radcheck table is set to Cleartext-Password. Anything other than Cleartext-Password and freeradius doesn't attempt an auth-type of EAP, but Local instead, going back to my original problem.
Andrew
Also, my cisco device logins have now broken since updating this attribute, I'm guessing because the sql module can't authenticate the user against the db?No. The SQL module doesn't authenticate users. Again, read the *entire* debug log to see what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html