Rob wrote:
While I am using Calling-Station-Id freeradius does not authenicate user. Without calling-station-id (user Rob) works Ok. Can anybody point me where is the problem? Checkval exists in radiusd.conf.
Checkval isn't needed. I have no idea why you would use it here.
Freeradius 1.1.7 user file: "Alan" User-Password == "12345", Calling-Station-Id == "000d88b7c2de"
You don't need quotes around the user name. The examples in the "users" file show this. You need to use Cleartext-Password := ..., too. This is in the FAQ.
"Rob" User-Password == "123456" DEFAULT Auth-Type = EAP,EAP-Type == PEAP, Proxy-To-Realm = LOCAL
Delete that last line. I have no idea why so many people insist on setting Auth-Type. Can you please explain why you added it, and which documentation said it was a good idea? All of the documentation that is shipped with the server says that you are NOT supposed to add it.
Log from radius -X: ... peap: copy_request_to_tunnel = no
The Calling-Station-Id is *not* present in the tunneled request. So... unless you set this to "yes", the entry above in the "users" file will NOT match! And the debug log shows this: ...
modcall[authorize]: module "files" returns notfound for request 6
See? No match.
modcall: leaving group authorize (returns updated) for request 6 ... rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for Alan with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
And then authentication fails. Alan DeKok.