Freeradius reply attribute problem when using PEAP
Alan DeKok
aland at deployingradius.com
Sat Aug 9 16:53:25 CEST 2014
Terry Kantorowski wrote:
> Per your request. I have included the debug output from freeradius.
> You will see that my test user "rickjames" authenticates just fine.
> The problem I am having is that the attribute value pairs for his
> group are not passed and so he never actually "connects" to the
> wireless network. The AVPs are missing when I try to connect with a
> device using PEAP, but present when I force connect with TTLS. I did
> not see this until I ran tcpdump.
Which is why all of the documentation tells you to run the server in
debugging mode, and to read the output.
> Thanks for taking the time to look at this.
It should be pretty clear from the output. There's a lot of it, but
reading it is simple.
> (11) eap_peap : Got tunneled reply code 2
> MS-MPPE-Encryption-Policy = Encryption-Allowed
> MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
> MS-MPPE-Send-Key = 0x179df4ed5c7771b6728858f3b86294c2
> MS-MPPE-Recv-Key = 0xb9fea9733904585d418bc4af62e467f3
> EAP-Message = 0x030b0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = 'rickjames'
So... no authorization attributes are in the tunnel.
Fix that.
Alan DeKok.
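
The check described in the reply above can be scripted. This is an added example, not part of the original message or of FreeRADIUS: it scans `radiusd -X` output for PEAP tunneled Access-Accepts (reply code 2) that carry nothing beyond key and EAP attributes. The function names, the `NON_AUTHZ` list and the sample log (including the `Tunnel-*` VLAN attributes) are assumptions constructed for illustration.

```python
import re

# Attributes treated as keying/EAP material rather than authorization
# (assumption for this example, taken from the reply quoted in the post).
NON_AUTHZ = {"MS-MPPE-Encryption-Policy", "MS-MPPE-Encryption-Types",
             "MS-MPPE-Send-Key", "MS-MPPE-Recv-Key", "EAP-Message",
             "Message-Authenticator", "User-Name"}

HEADER = re.compile(r"^\((\d+)\)\s+eap_peap\s*:\s*Got tunneled reply code (\d+)")
AVP = re.compile(r"^([A-Za-z][\w-]*)\s*=\s*(.+)$")

def tunneled_replies(debug_text):
    """Return [(request_id, reply_code, {attr: value})], one per tunneled reply."""
    replies, current = [], None
    for raw in debug_text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # tolerate mail quoting and indent
        m = HEADER.match(line)
        if m:
            current = {}
            replies.append((int(m.group(1)), int(m.group(2)), current))
            continue
        m = AVP.match(line) if current is not None else None
        if m:
            current[m.group(1)] = m.group(2)
        else:
            current = None                   # any other line ends the AVP list
    return replies

def missing_authz(debug_text):
    """Request ids whose tunneled Access-Accept has no authorization AVPs."""
    return [rid for rid, code, avps in tunneled_replies(debug_text)
            if code == 2 and not (set(avps) - NON_AUTHZ)]

# Constructed sample: request 11 mirrors the post, request 12 shows a reply
# that does carry (hypothetical) VLAN assignment attributes.
SAMPLE = """\
(11) eap_peap : Got tunneled reply code 2
    MS-MPPE-Send-Key = 0x00000000
    EAP-Message = 0x030b0004
    User-Name = 'rickjames'
(11) eap_peap : Tunneled authentication was successful
(12) eap_peap : Got tunneled reply code 2
    Tunnel-Type = VLAN
    Tunnel-Private-Group-Id = '20'
    User-Name = 'rickjames'
"""

if __name__ == "__main__":
    print("tunneled accepts without authorization attributes:",
          missing_authz(SAMPLE))
```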