Fwd: Freeradius 2.2.9 eap/peap problem
Mr Dini
diniboy74 at gmail.com
Sun May 8 00:39:22 CEST 2016
Hi!
Thanks for Your quick reply!
My sql config is the following:
id: 1, username: guest, attribute: Cleartext-Password, op: :=, value:
guest1234
And just for testing I also created a testuser named user.
But it not works with eap (but the radtest gives me Access-accept, only the
eap not works)... If I create the user in the users file, and I specify the
Auth-Type, it works. For example:
testuser Auth-Type := EAP, Cleartext-Password := "passwd"
Thanks!
2016.05.07. 23:56, "Matthew Newton" <mcn4 at leicester.ac.uk> ezt írta:
> On Sat, May 07, 2016 at 06:54:24PM +0200, Mr Dini wrote:
> > At the Git page of the project You told me (my nick is MrDini) to use the
> > older freeradius (2.2.9) in my nas. I compiled it and I set up to a mysql
> > database, but it sends Access-reject and something like this:
> >
> > [peap] TLS_accept: SSLv3 write server done A
> > [peap] TLS_accept: SSLv3 flush data
> > [peap] TLS_accept: SSLv3 read client certificate A
> > [peap] TLS_accept: Need to read more data: SSLv3 read client key
> > exchange A
> > [peap] TLS_accept: Need to read more data: SSLv3 read client key
> > exchange A
>
> That's not a problem. It's in the middle of the PEAP tunnel being
> built. Completes around line 923.
>
> > Here <http://pastebin.com/TTXY4Ngd> is the full output of the radiusd
> -X.
>
> You can paste -X output directly to this list. It makes it easier
> for everyone.
>
> > Is it a compile error? Or what Do You think, What is that?
>
> No compile problems.
>
> This is your problem. You've not defined the Cleartext-Password
> anywhere (lines 1160 on):
>
> [mschapv2] +group MS-CHAP {
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] Creating challenge hash with username: sqltest
> [mschap] Client is using MS-CHAPv2 for sqltest, we need NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] = reject
>
> My guess is you need to do one or more of
>
> - move "sql" from the default (outer) virtual server to the
> inner-tunnel; or
>
> - enable "copy_request_to_tunnel" in raddb/eap peap{} section; or
>
> - put the right data in the radcheck table.
>
> I don't touch sql much, but those should get you in roughly the
> right area.
>
> There's nothing wrong with your FreeRADIUS install.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list