Did you generate the certificates that are mentioned there? The one's that ship with the server are expired, you have to generate your own certificate. What version of FreeRADIUS. Version 1.1.1 fixed alot of little PEAP things. Version 1.1.3 of course is what you should be running. Most versions after 1.0.0 have the eap section broken out to a separate file, that has lots of comments in it about generating Certs. Also, it looks like your actual problem is that you have re-written the eap section... and missed a Paren This is Mine. In yours you have included mschapv2 inside of PEAP. It is its own section, outside of the PEAP section. peap { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = yes # proxy_tunneled_request_as_eap = yes } mschapv2 { } ________________________________ From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of Ian Walker Sent: Friday, September 01, 2006 8:36 AM To: freeradius-users@lists.freeradius.org Subject: Problems getting eap-mschapv2 working. Been trying to get eap working with peap/mschapv2 but it doesn't seem to work. This is my radiusd.conf file: prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = /var/run sbindir = ${exec_prefix}/sbin logdir = /var/log raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } $INCLUDE ${confdir}/clients.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { eap { default_eap_type = md5 timer_expire = 60 md5 { } tls { private_key_password = private_key_file = /usr/local/etc/raddb/new.cert.key certificate_file = /usr/local/etc/raddb/new.cert.cert CA_file = /usr/local/etc/raddb/cacert.pem dh_file = /dev/urandom random_file = /dev/urandom fragment_size = 1024 include_length = yes } peap { default_eap_type = mschapv2 mschapv2 { authtype = mschapv2 use_mppe = yes require_encryption = yes require_strong = yes } } } files { usersfile = ${confdir}/users compat = no } exec cerb { wait = yes program = "/usr/local/bin/cerbauth -e freeradius" input_pairs = request output_pairs = reply } preprocess { } } authorize { preprocess eap files } authenticate { Auth-Type eap { eap } Auth-Type CERB { cerb } } as you can see, I'm currently working with md5 and this works perfectly well. But when I set the client and configure the server to default for peap/tls, then it fails saying: "No such EAP type mschapv2" I believe if I can get passed this, that my system will authenticate with peap/mschapv2 successfully. Hope you can help. Regards Ian