<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7226.0">
<TITLE>Re: FreeRADIUS with PEAP problems</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText46223 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>I went ahead and recompiled
from source and also used the --disable-shared options.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>It is not core-dumping but PEAP is still
failing though</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Here is a complete debug
output as you requested:</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr>freebsd# radiusd -X -A<BR>Starting - reading configuration files
...<BR>reread_config: reading radiusd.conf<BR>Config:
including file: /usr/local/etc/raddb/clients.conf<BR>Config:
including file: /usr/local/etc/raddb/eap.conf<BR> main: prefix =
"/usr/local"<BR> main: localstatedir = "/usr/local/var"<BR> main:
logdir = "/usr/local/var/log/radius"<BR> main: libdir =
"/usr/local/lib"<BR> main: radacctdir =
"/usr/local/var/log/radius/radacct"<BR> main: hostname_lookups =
no<BR> main: max_request_time = 30<BR> main: cleanup_delay =
5<BR> main: max_requests = 1024<BR> main: delete_blocked_requests =
0<BR> main: port = 0<BR> main: allow_core_dumps = no<BR> main:
log_stripped_names = no<BR> main: log_file =
"/usr/local/var/log/radius/radius.log"<BR> main: log_auth =
no<BR> main: log_auth_badpass = no<BR> main: log_auth_goodpass =
no<BR> main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"<BR> main: user =
"(null)"<BR> main: group = "(null)"<BR> main: usercollide =
no<BR> main: lower_user = "no"<BR> main: lower_pass =
"no"<BR> main: nospace_user = "no"<BR> main: nospace_pass =
"no"<BR> main: checkrad = "/usr/local/sbin/checkrad"<BR> main:
proxy_requests = no<BR> security: max_attributes = 200<BR> security:
reject_delay = 1<BR> security: status_server = no<BR> main:
debug_level = 0<BR>read_config_files: reading
dictionary<BR>read_config_files: reading naslist<BR>Using deprecated
naslist file. Support for this will go away
soon.<BR>read_config_files: reading clients<BR>read_config_files:
reading realms<BR>radiusd: entering modules setup<BR>Module: Library
search path is /usr/local/lib<BR>Module: Loaded exec <BR> exec: wait =
yes<BR> exec: program = "(null)"<BR> exec: input_pairs =
"request"<BR> exec: output_pairs = "(null)"<BR> exec: packet_type =
"(null)"<BR>rlm_exec: Wait=yes but no output defined. Did you mean
output=none?<BR>Module: Instantiated exec (exec) <BR>Module: Loaded expr
<BR>Module: Instantiated expr (expr) <BR>Module: Loaded PAP <BR> pap:
encryption_scheme = "crypt"<BR>Module: Instantiated pap (pap) <BR>Module: Loaded
CHAP <BR>Module: Instantiated chap (chap) <BR>Module: Loaded MS-CHAP
<BR> mschap: use_mppe = yes<BR> mschap: require_encryption =
yes<BR> mschap: require_strong = yes<BR> mschap: with_ntdomain_hack =
yes<BR> mschap: passwd = "(null)"<BR> mschap: authtype =
"MS-CHAP"<BR> mschap: ntlm_auth = "(null)"<BR>Module: Instantiated mschap
(mschap) <BR>Module: Loaded System <BR> unix: cache = no<BR> unix:
passwd = "(null)"<BR> unix: shadow = "(null)"<BR> unix: group =
"(null)"<BR> unix: radwtmp =
"/usr/local/var/log/radius/radwtmp"<BR> unix: usegroup = no<BR> unix:
cache_reload = 600<BR>Module: Instantiated unix (unix) <BR>Module: Loaded LDAP
<BR> ldap: server = "orion.puyenet.com"<BR> ldap: port =
389<BR> ldap: net_timeout = 1<BR> ldap: timeout = 4<BR> ldap:
timelimit = 3<BR> ldap: identity =
"cn=administrator,ou=users,dc=ad,dc=puyenet,dc=com"<BR> ldap: tls_mode =
no<BR> ldap: start_tls = no<BR> ldap: tls_cacertfile =
"(null)"<BR> ldap: tls_cacertdir = "(null)"<BR> ldap: tls_certfile =
"(null)"<BR> ldap: tls_keyfile = "(null)"<BR> ldap: tls_randfile =
"(null)"<BR> ldap: tls_require_cert = "allow"<BR> ldap: password =
""<BR> ldap: basedn = "DC=ad,DC=puyenet,DC=com"<BR> ldap: filter =
"(uid=%{Stripped-User-Name:-%{User-Name}})"<BR> ldap: base_filter =
"(objectclass=radiusprofile)"<BR> ldap: default_profile =
"(null)"<BR> ldap: profile_attribute = "(null)"<BR> ldap:
password_header = "(null)"<BR> ldap: password_attribute =
"M4a8ccarthy6"<BR> ldap: access_attr = "dialupAccess"<BR> ldap:
groupname_attribute = "cn"<BR> ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"<BR> ldap:
groupmembership_attribute = "(null)"<BR> ldap: dictionary_mapping =
"/usr/local/etc/raddb/ldap.attrmap"<BR> ldap: ldap_debug = 0<BR> ldap:
ldap_connections_number = 5<BR> ldap: compare_check_items =
no<BR> ldap: access_attr_used_for_allow = yes<BR> ldap: do_xlat =
yes<BR>rlm_ldap: Registering ldap_groupcmp for Ldap-Group<BR>rlm_ldap:
Registering ldap_xlat with xlat_name ldap<BR>rlm_ldap: reading
ldap<->radius mappings from file
/usr/local/etc/raddb/ldap.attrmap<BR>rlm_ldap: LDAP radiusCheckItem mapped to
RADIUS $GENERIC$<BR>rlm_ldap: LDAP radiusReplyItem mapped to RADIUS
$GENERIC$<BR>rlm_ldap: LDAP radiusAuthType mapped to RADIUS
Auth-Type<BR>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use<BR>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
Called-Station-Id<BR>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id<BR>rlm_ldap: LDAP lmPassword mapped to RADIUS
LM-Password<BR>rlm_ldap: LDAP ntPassword mapped to RADIUS
NT-Password<BR>rlm_ldap: LDAP acctFlags mapped to RADIUS
SMB-Account-CTRL-TEXT<BR>rlm_ldap: LDAP radiusExpiration mapped to RADIUS
Expiration<BR>rlm_ldap: LDAP radiusServiceType mapped to RADIUS
Service-Type<BR>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS
Framed-Protocol<BR>rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS
Framed-IP-Address<BR>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS
Framed-IP-Netmask<BR>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS
Framed-Route<BR>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS
Framed-Routing<BR>rlm_ldap: LDAP radiusFilterId mapped to RADIUS
Filter-Id<BR>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS
Framed-MTU<BR>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression<BR>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS
Login-IP-Host<BR>rlm_ldap: LDAP radiusLoginService mapped to RADIUS
Login-Service<BR>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS
Login-TCP-Port<BR>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS
Callback-Number<BR>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS
Callback-Id<BR>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network<BR>rlm_ldap: LDAP radiusClass mapped to RADIUS
Class<BR>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS
Session-Timeout<BR>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS
Idle-Timeout<BR>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action<BR>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
Login-LAT-Service<BR>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS
Login-LAT-Node<BR>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS
Login-LAT-Group<BR>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link<BR>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to
RADIUS Framed-AppleTalk-Network<BR>rlm_ldap: LDAP radiusFramedAppleTalkZone
mapped to RADIUS Framed-AppleTalk-Zone<BR>rlm_ldap: LDAP radiusPortLimit mapped
to RADIUS Port-Limit<BR>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS
Login-LAT-Port<BR>conns: 0x80b3780<BR>Module: Instantiated ldap (ldap)
<BR>Module: Loaded eap <BR> eap: default_eap_type = "peap"<BR> eap:
timer_expire = 60<BR> eap: ignore_unknown_eap_types = no<BR> eap:
cisco_accounting_username_bug = no<BR> tls: rsa_key_exchange =
no<BR> tls: dh_key_exchange = yes<BR> tls: rsa_key_length =
512<BR> tls: dh_key_length = 512<BR> tls: verify_depth =
0<BR> tls: CA_path = "(null)"<BR> tls: pem_file_type =
yes<BR> tls: private_key_file =
"/usr/local/etc/raddb/certs/freebsd.puyenet.com.pem"<BR> tls:
certificate_file =
"/usr/local/etc/raddb/certs/freebsd.puyenet.com.pem"<BR> tls: CA_file =
"/usr/local/etc/raddb/certs/root.pem"<BR> tls: private_key_password =
"XXXXXXXXX"<BR> tls: dh_file =
"/usr/local/etc/raddb/certs/dh"<BR> tls: random_file =
"/usr/local/etc/raddb/certs/random"<BR> tls: fragment_size =
1024<BR> tls: include_length = yes<BR> tls: check_crl =
no<BR> tls: check_cert_cn = "(null)"<BR>rlm_eap: Loaded and initialized
type tls<BR>rlm_eap: No such sub-type for default EAP type
peap<BR>radiusd.conf[9]: eap: Module instantiation failed. <BR>freebsd#</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Thanks,</DIV>
<DIV dir=ltr>Alhagie.</DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B>
freeradius-users-bounces+apuye=datawave.com@lists.freeradius.org on behalf of
Zoltan A. Ori<BR><B>Sent:</B> Mon 1/2/2006 8:38 AM<BR><B>To:</B> FreeRadius
users mailing list<BR><B>Subject:</B> Re: FreeRADIUS with PEAP
problems<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>On Monday 02 January 2006 07:34, Alhagie Puye wrote:<BR>>
> >Do you have<BR>> > ><BR>> >
> peap {<BR>> >
> default_eap_type
= mschapv2<BR>> > > }<BR>> >
><BR>> > >in your eap.conf?<BR>><BR>> Yes, I do.<BR><BR>And,
was MSCHAP instantiated?<BR><BR>A complete debug output might help since the
problem may begin elsewhere and<BR>only manifest itself as an error when
dependencies are required.<BR><BR>Zoltan Ori<BR></FONT></P></DIV>
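<P>Added example (not part of the original messages and not FreeRADIUS code): a small Python parser for the <CODE>radiusd -X</CODE> output format shown above. It answers the two questions raised in this thread: whether mschap was instantiated, and which EAP sub-types rlm_eap loaded compared with <CODE>default_eap_type</CODE>. The regular expressions and the <CODE>diagnose</CODE> function are assumptions fitted to the log lines on this page.</P>

<PRE>
```python
import re

# Lines copied from the "radiusd -X" debug output posted above.
SAMPLE_LOG = """\
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = "peap"
rlm_eap: Loaded and initialized type tls
rlm_eap: No such sub-type for default EAP type peap
radiusd.conf[9]: eap: Module instantiation failed.
"""

# Patterns are assumptions fitted to the log lines on this page.
SETTING = re.compile(r'^\s*(\w+):\s+(\w+)\s+=\s+"?([^"]*)"?\s*$')
INSTANTIATED = re.compile(r'^Module: Instantiated \S+ \((\S+)\)')
EAP_LOADED = re.compile(r'^rlm_eap: Loaded and initialized type (\S+)')
INST_FAILED = re.compile(r'^(\S+)\[(\d+)\]: (\S+): Module instantiation failed')


def diagnose(log_text):
    """Summarise module and EAP sub-type loading from radiusd -X output."""
    settings, instantiated, eap_loaded, failed = {}, [], [], None
    for line in log_text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[(m.group(1), m.group(2))] = m.group(3).strip()
        elif (m := INSTANTIATED.match(line)):
            instantiated.append(m.group(1))
        elif (m := EAP_LOADED.match(line)):
            eap_loaded.append(m.group(1))
        elif (m := INST_FAILED.match(line)):
            failed = (m.group(1), int(m.group(2)), m.group(3))
    default = settings.get(("eap", "default_eap_type"))
    findings = []
    if default is not None and default not in eap_loaded:
        findings.append("default_eap_type %r was not loaded; rlm_eap loaded %s"
                        % (default, eap_loaded))
    if failed:
        findings.append("%s failed to instantiate (%s line %d)"
                        % (failed[2], failed[0], failed[1]))
    return {"default_eap_type": default, "eap_loaded": eap_loaded,
            "instantiated": instantiated, "failed": failed,
            "findings": findings}


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG)["findings"]:
        print(finding)
```
</PRE>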
</BODY>
</HTML>