<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2912" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=817502413-01092006><FONT face=Arial
color=#0000ff size=2>Did you generate the certificates that are mentioned
there? The one's that ship with the server are expired, you have to
generate your own certificate.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=817502413-01092006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=817502413-01092006><FONT face=Arial
color=#0000ff size=2>What version of FreeRADIUS. Version 1.1.1 fixed alot
of little PEAP things.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=817502413-01092006><FONT face=Arial
color=#0000ff size=2>Version 1.1.3 of course is what you should be
running.</FONT></SPAN></DIV>
<DIV><SPAN class=817502413-01092006></SPAN><FONT face=Arial><FONT
color=#0000ff><FONT
size=2>Most versions after 1.0.0 have the eap section broken out to a separate file, that has lots of comments in it about generating Certs.</FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT
size=2></FONT></FONT></FONT> </DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2>A<SPAN
class=817502413-01092006>lso, it looks like your actual problem is that you have
re-written the eap section... and missed a
Paren</SPAN></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=817502413-01092006></SPAN></FONT></FONT></FONT></FONT></FONT> </DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=817502413-01092006>This is Mine. In yours you have included mschapv2
inside of PEAP. It is its own section, outside of the PEAP
section.</SPAN></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=817502413-01092006></SPAN></FONT></FONT></FONT></FONT></FONT> </DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=817502413-01092006>
peap
{<BR>
default_eap_type = mschapv2</SPAN></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=817502413-01092006>
copy_request_to_tunnel =
no<BR>
use_tunneled_reply = yes</SPAN></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=817502413-01092006>
# proxy_tunneled_request_as_eap =
yes<BR>
}</SPAN></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT><FONT><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=817502413-01092006>
mschapv2
{<BR>
}<BR></SPAN></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><BR></DIV>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B>
freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org
[mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] <B>On
Behalf Of </B>Ian Walker<BR><B>Sent:</B> Friday, September 01, 2006 8:36
AM<BR><B>To:</B> freeradius-users@lists.freeradius.org<BR><B>Subject:</B>
Problems getting eap-mschapv2 working.<BR></FONT><BR></DIV>
<DIV></DIV>Been trying to get eap working with peap/mschapv2 but it doesn't
seem to work.<BR><BR>This is my radiusd.conf file:<BR><BR>
<META content="Kate, the KDE Advanced Text Editor" name=Generator><PRE>prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var/run
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
$INCLUDE ${confdir}/clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
eap {
default_eap_type = md5
timer_expire = 60
md5 {
}
tls {
private_key_password =
private_key_file = /usr/local/etc/raddb/new.cert.key
certificate_file = /usr/local/etc/raddb/new.cert.cert
CA_file = /usr/local/etc/raddb/cacert.pem
dh_file = /dev/urandom
random_file = /dev/urandom
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = mschapv2
mschapv2 {
authtype = mschapv2
use_mppe = yes
require_encryption = yes
require_strong = yes
}
}
}
files {
usersfile = ${confdir}/users
compat = no
}
exec cerb {
wait = yes
program = "/usr/local/bin/cerbauth -e freeradius"
input_pairs = request
output_pairs = reply
}
preprocess {
}
}
authorize {
preprocess
eap
files
}
authenticate {
Auth-Type eap {
eap
}
Auth-Type CERB {
cerb
}
}
</PRE><BR>as you can see, I'm currently working with md5 and this works
perfectly well. But when I set the client and configure the server to
default for peap/tls, then it fails saying:<BR><BR>"No such EAP type mschapv2"
<BR><BR>I believe if I can get passed this, that my system will authenticate
with peap/mschapv2 successfully.<BR><BR>Hope you can
help.<BR><BR>Regards<BR><BR><BR>Ian<BR></BLOCKQUOTE></BODY></HTML>