Re: Problem with Password and MySQL
Hi, I discovered where was the error: I was also limiting the users that can access at the database using the field "NAS-Identifier". That field was copied in the internal tunnell using "copy_request_to_tunnel = yes" in ttls, but not in PEAP. ========================================== To the developer: ========================================== Please document the option "copy_request_to_tunnel" in the peap module in eap.conf. I see it is supported but not documented as in the ttls module. Thanks. ==========================================
What kind of password have you stored in your db? Alseo the "upper" part of debug info is relevant. Could you post it? Yuri
On 10/25/05, Fabio <fabio.ped@libero.it> wrote:
Hi, I am trying to use MySQL to autenticate users of a wireless network, using EAP-TTLS-PAP or PEAP-MS-CHAPv2.
I use the following users file:
user1 User-Password == "user1" DEFAULT Suffix == "@mydomain.org <http://mydomain.org>", Autz-Type := SQL
while I have the following user in radcheck in MySQL
mysql> select * from radcheck; +----+----------+---------------+----+-------+ | id | UserName | Attribute | op | Value | +----+----------+---------------+----+-------+ | 11 | sql1 | User-Password | == | sql1 | +----+----------+---------------+----+-------+ 1 row in set (0.00 sec)
Logging with the user "user1" work fo both TTLS-PAP and PEAP-MS-CHAP-V2 (Tested with wpa_supplicant (both TTLS and PEAP) and MS Windows XP (PEAP)).
When i try to authenticate as the user sql1 (which is in the MySQL DB), works for TTLS-PAP but doesn't work with PEAP. Seems that inside the file "users" are handled both PAP and MS-CHAPv2 password, while with MySQL I can use only PAP.
The relevant part of the log with radiusd -X is provided below.
Thanks to anyone helping with this.
auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 8 modcall: group authenticate returns invalid for request 8 auth: Failed to validate the user.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Yuri Francalacci yuri.francalacci@gmail.com
participants (1)
-
Fabio