FreeRadius 2.1.1 with PEAP- EAP-MD5
Queenie de Melo
queenie245 at gmail.com
Thu Nov 6 05:48:31 CET 2008
Hi All,
I have been trying to configure PEAP with EAP -MD5 but i juat cannot get it
to work.
TTLS with EAP -MD5 workes fine.
Also PEAP with Token card(gtc) and MSCHAPv2 works fine.
What I tried is...
1. When I *comment out MSCHAPv2* in the eap.conf file and I try with the
client being in PEAP EAP-MSCHAPv2, then I get a REJECT as below.
2.When I *comment out MD5* in the eap.conf file and try with the client
being in PEAP EAP MD5, then I get the same REJECT message as below
3. When *I dont comment out MD5(MD5 is enabled)* in the eap.conf file and
try with the client being in PEAP EAP MD5, then I get the same REJECT
message as below
In all the above three cases, I seem to be getting the same Reject message
as below:
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "queenie", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> queenie
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 9 to 192.168.5.200 port 1024
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.5 seconds.
Cleaning up request 0 ID 1 with timestamp +79
Cleaning up request 1 ID 2 with timestamp +79
Cleaning up request 2 ID 3 with timestamp +79
Cleaning up request 3 ID 4 with timestamp +79
Waking up in 0.2 seconds.
Cleaning up request 4 ID 5 with timestamp +79
Cleaning up request 5 ID 6 with timestamp +79
Cleaning up request 6 ID 7 with timestamp +79
Cleaning up request 7 ID 8 with timestamp +79
Waking up in 1.0 seconds.
Cleaning up request 8 ID 9 with timestamp +79
Ready to process requests.
*Is it possible that in the eap.conf file, the MD5 does not get enabled
under PEAP? Cause MD5 does work fine with TTLS for me. *
Pl help!
Regards,
Queenie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081106/980db79f/attachment.html>
More information about the Freeradius-Users
mailing list