<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
Hello everyone,<br>I know that it is something I have forgotten to configure, but I can't for my life remember what it is.<br>What I want to do is to authenticate a user from a Windows machine using PEAP.<br>The error I get in the output is:<br><br>rad_recv: Access-Request packet from host 192.168.118.10 port 35923, id=92, length=230<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0x99a8723d9faf6be067d44ee908d21fb0<br> NAS-Port-Id = "wlan2"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x0207005b19001703010050ff6dcfaa2e20081def82599ed160a801cb8b3e047fe0408eca8f0ed5bf985a4594dbf7056245f7ff06e823be7ba31220fb494d61db652b3f05bf75b3767bbfcce4d3c8e706312e385afb35dd2fe6f8f9<br> Message-Authenticator = 0x0ba6d2c1daab0232a5b4bd95fac8dc78<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 7 length 91<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. 
Decoding tunneled attributes.<br>[peap] EAP type mschapv2<br>[peap] Got tunneled request<br> EAP-Message = 0x0207003f1a0207003a31f7f5bfb93119478c28430861f7428ecc000000000000000006883db97ed65677dadd8058359801947d67a7f575431297004a656e73<br>server {<br> PEAP: Setting User-Name to Jens<br>Sending tunneled request<br> EAP-Message = 0x0207003f1a0207003a31f7f5bfb93119478c28430861f7428ecc000000000000000006883db97ed65677dadd8058359801947d67a7f575431297004a656e73<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "Jens"<br> State = 0xdb1b00f8db1c1ab8275dfb2a6c0e04ae<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> NAS-Port-Id = "wlan2"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>server inner-tunnel {<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[unix] returns notfound<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[control] returns noop<br>[eap] EAP packet type response id 7 length 63<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/mschapv2<br>[eap] processing type mschapv2<br>[mschapv2] +- entering group MS-CHAP {...}<br>[mschap] No Cleartext-Password configured. Cannot create LM-Password.<br>[mschap] No Cleartext-Password configured. Cannot create NT-Password.<br>[mschap] Told to do MS-CHAPv2 for Jens with NT-Password<br>[mschap] FAILED: No NT/LM-Password. 
Cannot perform authentication.<br>[mschap] FAILED: MS-CHAP2-Response is incorrect<br>++[mschap] returns reject<br>[eap] Freeing handler<br>++[eap] returns reject<br>Failed to authenticate the user.<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 3<br> MS-CHAP-Error = "\007E=691 R=1"<br> EAP-Message = 0x04070004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>[peap] Got tunneled reply RADIUS code 3<br> MS-CHAP-Error = "\007E=691 R=1"<br> EAP-Message = 0x04070004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>[peap] Tunneled authentication was rejected.<br>[peap] FAILURE<br>++[eap] returns handled<br>Sending Access-Challenge of id 92 to 192.168.118.10 port 35923<br> EAP-Message = 0x0108002b19001703010020e9867cd0d691777dff28957e278ff9ee7618f8d26722621a3472801821e637a5<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x99a8723d9ea06be067d44ee908d21fb0<br>Finished request 197.<br><br>Things I have configured in raddb and in raddb/modules are:<br><br>1. Added a user called Jens with Cleartext-Password := "kaffe"<br>2. Added two NAS in clients.conf<br>3. Set "default_eap_type = peap", "copy_request_to_tunnel = yes" and under the peap section also "default_eap_type = mschapv2" in eap.conf<br>4. Set &amp; uncommented "use_mppe = yes" and set "require_encryption = yes", "require_strong = yes" in mschap in the directory modules.<br><br>Is there anything else I need to do that I have forgotten so I can use PEAP?<br><br>Best regards/ Peter Carlstedt<br></body>
</html>