Bruno Kremel wrote:
I am posting full log with first is radtest accepted and others are failde login from wifi client with 2 different accounts...
FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Mar 29 2010 at 15:58:09
You should probably upgrade to 2.1.8. It has a lot of fixes && features over 2.0.4.
server inner-tunnel { +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "123", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 8 length 62 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop
And no "sql". Edit raddb/sites-available/inner-tunnel, and add "sql" to the "authorize" section. It's already there, so you likely just have to uncomment it.
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for 123 with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Yup. No "known good" password means no authentication. You could also try: http://networkradius.com/freeradius.html This lets you cut && paste the debug output into a form. The response is a colorized HTML page indicating common errors, and things you should look into. It won't catch this problem, but it will highlight the fact that there was no "known good" password for the user. Alan DeKok.