Did you generate the certificates that are mentioned there? The one's that ship with the server > are expired, you have to generate your own certificate.
I generated the certificates myself, these are working fine. I can use md5 no problem, but peap complains about mschapv2.
What version of FreeRADIUS. Version 1.1.1 fixed alot of little PEAP things.
Version 1.1.3 of course is what you should be running.
Using the latest version 1.1.3, compiled with all options enabled.
Also, it looks like your actual problem is that you have re-written the eap section... and missed > >a Paren
They are all there, checked this morning, nothing missing.
This is Mine. In yours you have included mschapv2 inside of PEAP. It is its own section,
> outside of the PEAP section. I did have it like this originally, and it still didn't work. Any ideas appreciated.
------------------------------ *From:* freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org[mailto: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] *On Behalf Of *Ian Walker *Sent:* Friday, September 01, 2006 8:36 AM *To:* freeradius-users@lists.freeradius.org *Subject:* Problems getting eap-mschapv2 working.
Been trying to get eap working with peap/mschapv2 but it doesn't seem to work.
This is my radiusd.conf file:
prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = /var/run sbindir = ${exec_prefix}/sbin logdir = /var/log raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no }
$INCLUDE ${confdir}/clients.conf
thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 }
modules { eap { default_eap_type = md5 timer_expire = 60 md5 { } tls { private_key_password = private_key_file = /usr/local/etc/raddb/new.cert.key certificate_file = /usr/local/etc/raddb/new.cert.cert CA_file = /usr/local/etc/raddb/cacert.pem dh_file = /dev/urandom random_file = /dev/urandom fragment_size = 1024 include_length = yes } peap { default_eap_type = mschapv2 mschapv2 { authtype = mschapv2 use_mppe = yes require_encryption = yes require_strong = yes } } }
files { usersfile = ${confdir}/users compat = no } exec cerb { wait = yes program = "/usr/local/bin/cerbauth -e freeradius" input_pairs = request output_pairs = reply } preprocess { } }
authorize { preprocess eap files }
authenticate {
Auth-Type eap { eap }
Auth-Type CERB { cerb } }
as you can see, I'm currently working with md5 and this works perfectly well. But when I set the client and configure the server to default for peap/tls, then it fails saying:
"No such EAP type mschapv2"
I believe if I can get passed this, that my system will authenticate with peap/mschapv2 successfully.
Hope you can help.
Regards
Ian
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html