Request password missing or cleartext password not found

Alan DeKok aland at deployingradius.com
Fri Dec 12 13:23:10 CET 2014


On Dec 11, 2014, at 7:21 PM, carl leopold <carlbright772 at gmail.com> wrote:
> I am new to freeradius and am trying to setup freeradius 2.1.12 with mysql used by strongswan. Strongswan is talking to freeradius using eap-radius using Ikev2.
> 
> I have been able to get Strongswan Ikev1 working talking to freeradius/mysql using eap-Xauth. But i cant get it to work with Ikev2 and eap-radius

  Strongswan isn’t doing EAP.   Read the debug output.

> In my database table radcheck i have:
> 
> | id | username | attribute          | op | value    |
> +----+----------+--------------------+----+----------+
> |  1 | darwin   | Password           | == | mypass   |
> |  3 | frodo    | Password           | == | baggins  |

  Use Cleartext-Password := … instead.  It won’t help here, but it’s at least correct.

> My config :

  Don’t post the config.  It doesn’t help.

> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 44311, id=219, length=133
> 	User-Name = "carl"
> 	NAS-Port-Type = Virtual
> 	Service-Type = Framed-User
> 	NAS-Port = 6
> 	NAS-Port-Id = "win7"
> 	NAS-IP-Address = 178.62.119.121
> 	Called-Station-Id = "178.62.119.121[4500]"
> 	Calling-Station-Id = "191.101.55.203[4500]"
> 	NAS-Identifier = "strongSwan"
> 	Message-Authenticator = 0xcf65b96f46f3e40a5066f6f4111c48fa

  So… where’s the EAP data?  It’s not there.

  FreeRADIUS can’t do EAP if there’s no EAP in the packet.

  Fix Strongswan so that it sends EAP packets.

  Alan DeKok.



More information about the Freeradius-Users mailing list