It looks like you haven't configured sql (and password is in the database). Ivan Kalik Kalik Informatika ISP Dana 27/3/2008, "Mikael Syska" <mikael@syska.dk> piše:
Hi,
Thanks, that seemed to get me a bit further to the end .... now I got this: +----+----------+--------------------+----+-------+ | id | username | attribute | op | value | +----+----------+--------------------+----+-------+ | 2 | 44 | Cleartext-Password | := | 4444 | +----+----------+--------------------+----+-------+
Here is where its failing: ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for 44 with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [44/<via Auth-Type = EAP>] (from client ap30 port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled EAP-Message = 0x010b002b190017030100206f04599b56f9940737b9c497b35f5f64e78bceb46ce824932fe2d58d5d3850de Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5856f36f505dea9c1496d5ca0872b221 Finished request 20. Going to the next request Waking up in 3.9 seconds.
So ... what do I need to set ... I'm not sure were I can read about this, so this mailing list is my only hope ... :-) Maybe its something about what Alan wrote:
hi,
trying to authenticate Vista against a plain password? PEAP doesnt work like this. you could put an NThash into the database instead.. or try using SecureW2 or other asupplicant that does EAP-TTLS/PAP alan
But I'm not sure ... its still all very new to me ...
If you need more information, just say so ... and I will get it.
best regards Mikael Syska
On Thu, Mar 27, 2008 at 6:38 AM, Alan DeKok <aland@deployingradius.com> wrote:
Mikael Syska wrote:
I'm using default setup, only uncomment the sql in the default "sites-enabled"
Running version: 2.0.3
I think you have to copy "sites-available/inner-tunnel" from the tar file to /etc/raddb. It isn't installed by default in 2.0.3, but it *is* referenced. Sorry...
This is fixed in CVS head.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html