"use_tunnel_reply" not working in EAP-PEAP (Proxied as plain MSCHAPv2) in eap.conf
Nitin Bhardwaj
nbhardwaj at merunetworks.com
Fri Jul 8 15:27:15 CEST 2011
/
> Phil Mayers wrote:
> > The (untested) patch below might help on 2.1.x:
> >
> > https://github.com/philmayers/freeradius-server/commit/3c1ed71cde100268dba57cbd87953af2bfda6d87
> >
> >
> > ...or for 3.x:
> >
> > https://github.com/philmayers/freeradius-server/commit/6877b70f442536c93ed097f3c9f6d17d9c960b19
>
> Added, thanks.
>
> Alan DeKok.
/Alan,
Just did git pull (master branch), and tried - it failed - as described
by Phil in an earlier post, since mschapv2 callback is not called
--------------------<snip-3.x log>-----------------------------------------
(19) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(19) group authenticate {
(19) - entering group authenticate {...}
(19) eap : Request found, released from the list
(19) eap : EAP/peap
(19) eap : processing type peap
(19) peap : processing EAP-TLS
(19) peap : eaptls_verify returned 7
(19) peap : Done initial handshake
(19) peap : eaptls_process returned 7
(19) peap : FR_TLS_OK
(19) peap : Session established. Decoding tunneled attributes.
(19) peap : Peap state send tlv success
(19) peap : Received EAP-TLV response.
(19) peap : Client rejected our response. The password is probably
incorrect.
(19) peap : We sent a success, but received something weird in return.
(19) eap : Handler failed in EAP/peap
(19) eap : Failed in EAP select
(19) [eap] = invalid
(19) Failed to authenticate the user.
(19) Using Post-Auth-Type Reject
-------------------------------------------------------------
Then tried with removing this patch:
https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html
and it is working properly like in 2.x branch. Hence I think, also you
need to remove this patch.
--
Nitin.
More information about the Freeradius-Users
mailing list