Authentication failure - PEAP - MS-CHAPv2
kissg
mail.gery at gmail.com
Tue Jun 16 22:46:43 CEST 2009
It's getting even more interesting: using the same configuration, but with
another access point (same model and firmware version): works flawlessly.
There are only two differences between the setups:
- In the test environment, the AP is located near to the test machine (it
was placed about 5-6 meters from the AP, no walls between)
- We didn't configure VLANs on the test AP.
I have a feeling, that the AP refuses the connection, because some kind of
privilege checking fails (the client is not privileged to access the
required VLAN). Does FreeRADIUS configuration need anything special, if the
AP is configured for multiple VLANs?
The VLAN configuration looks like this in the live environment:
VLAN4 - Private vlan, the radius server is located here and an EAP-protected
SSID is mapped to this VLAN
VLAN5 - Public vlan, mapped to an open SSID
VLAN6 - Management vlan - untagged - we configure the APs using this VLAN
Probably the LDAP server has to provide some extra attribute which grants
access to VLAN4, but I'm not sure. Could you please help?
Thank you
Gergely Kiss
2009/6/12 kissg <mail.gery at gmail.com>
> 2009/6/11 Matthieu Lazaro <matthieu.lazaro at eservglobal.com>
>
>> !
>> eap profile < Profile Name>
>> method mschapv2
>> !
>>
>
> I don't have the lines above in my config. Does this have any influence on
> the way the AP proxies radius packets? I think, this is only relevant if the
> AP authenticates using its own database, right?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090616/4eb1410b/attachment.html>
More information about the Freeradius-Users
mailing list