AW: Authentication with eap/mschapv2
Stefan Hotz
stefhotz at yahoo.de
Thu Sep 17 17:58:08 CEST 2009
Thank's for the answer Ivan.
I have tried now both with or without encryption
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
unfortunately the result is still the same
Found Auth-Type = EAP
+- entering group authenticate {....}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
rlm_eap_mschapv2: Invalid response type 4
[eap] Handler failed in EAP/mschapv2
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Does it make sense to enable the encryption for mschap since the eap tunnel (as far I have understood) is the whole way from the client to the radius server.
________________________________
Von: Ivan Kalik <tnt at kalik.net>
An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Gesendet: Donnerstag, den 17. September 2009, 16:55:33 Uhr
Betreff: Re: Authentication with eap/mschapv2
> I would like to authenticate my Windows XP wireless users with freeradius
> against a AD. Test with the local ntlm_auth against the AD worked fine as
> well radtest with a local user in the users file.
>
> I have read in the archive that "Code 4 is MS-CHAP failure. It means
> that the client told the server
> it didn't like the previous packet"
>
> But I have no idea what the server does not like.
> mschap {
> use_mppe = no
> require_encryption = yes
You have disabled MPPE (Microsoft Point-to-Point Encryption) yet you
require encryption.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090917/0358cd28/attachment.html>
More information about the Freeradius-Users
mailing list