MSCHAP module returns OK, authentication fails..

James Yale jim at thebiggame.org
Tue Aug 26 17:48:17 CEST 2008


(Hopefully I haven't double posted)

Hi,

Perhaps someone can help, I'm trying to setup FreeRADIUS as a
cheaper/more flexible alternative to buying a Win2k3 Enterprise
licence to do PEAP/MSCHAP for wireless clients but seem to be having a
problem after the MSCHAP module is run.

I'm using a MacOS as a test client, which connects to the wireless
network, prompts about an invalid certificate chain for the SSL cert
(suggesting that TLS is working) and then prompts for credentials. The
credentials seem to get to radiusd okay, the identity is referenced in
the debug logs and the authentication (via ntlm_auth) seems to work
okay aswell, returning 0 and reporting success, however after this
point everything seems to stop. The MacOS client reports that
authentication has failed at this point.

I've got debug logs for afew different configurations (changing odd
MSCHAP module options) but haven't included them due to the size
limit. Attached is:

radius.log -> ntlm_auth with the domain hard configured via the config files.

All of my tests produce the same result, with the MSCHAP module
returning success and then (seemingly) nothing happening. I've also
tested with eapol from wpa_supplicant, which produces the same effect.

Any hints as to what I'm missing would be welcomed :)

Thanks,

James Yale
jim at thebiggame.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius.log
Type: text/x-log
Size: 31939 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080826/6c353d80/attachment.bin>


More information about the Freeradius-Users mailing list