i'm also have a problem to make PEAP works with XP SP2.The PAP, EAP-tls, EAP-ttls work very well.i realise that freeradius gives me this error : rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for nurah with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 i do read the maillist and search on google but cant make XP SP2 Work with PEAP. i'm using several NAS such as SMC BARRICADE 2804WBR and Linksys WRT54G. i do configure default_eap_type = peap in eap.conf and have a plain text password in users file : nurah User-Password == "mypasswd" ** i make a new users file and put nurah user only in it here is my complete debug message : ----------------------- Initializing the thread pool... Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. Nothing to do. Sleeping until we see a request. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "unix" returns updated for request 0 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 7 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "expiration" returns noop for request 0 modcall[authorize]: module "logintime" returns noop for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "unix" returns updated for request 1 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 8 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "expiration" returns noop for request 1 modcall[authorize]: module "logintime" returns noop for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Finished request 1 Going to the next request Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "unix" returns updated for request 2 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "expiration" returns noop for request 2 modcall[authorize]: module "logintime" returns noop for request 2 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 rad_recv: Access-Request packet from host 192.168.2.1 port 1025, id=7, length=91 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0207000a016e75726168 Message-Authenticator = 0x68f9afa71809cd05fb71ab8686f18320 Sending Access-Challenge of id 7 to 192.168.2.1 port 1025 EAP-Message = 0x010800061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x504617b0d4dd078d15c5d6ad12aff5f1 rad_recv: Access-Request packet from host 192.168.2.1 port 1026, id=8, length=164 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x504617b0d4dd078d15c5d6ad12aff5f1 EAP-Message = 0x0208004119800000003716030100320100002e0301ae311dd3edd1dea83725e444a8d98d1e6112c10ebfcddacd153cf88067247bfc01000006000a000500040100 Message-Authenticator = 0x8413f48fc7e59bb15e4f6ed10532a5d9 Sending Access-Challenge of id 8 to 192.168.2.1 port 1026 EAP-Message = 0x0109040a19c000000729160301004a02000046030143963da2133ae46a6fdcc84d872a6f77f8447a49f37e19e9ab11f900f2c11630207acd91607051139b88ec441c90932b9ca122526d8e65d3ed5229d33d9c5008ae000a0016030106cc0b0006c80006c50002c9308202c53082022e020900f2585747fdc421f1300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c0603550403 EAP-Message = 0x13154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d301e170d3035313230343036323235325a170d3135313230323036323235325a30819f310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b130249543110300e06035504031307636f6c696e75783124302206092a864886f70d01090116156e757261683132314073747265616d79782e63 EAP-Message = 0x6f6d30819f300d06092a864886f70d010101050003818d0030818902818100a9c3198f512e0c50674463c59ce454415fd1df0496491d5d8830044248d602fbf9112117e2f5fea88aa6433add26cfdbc17303650260e43b551990fe5f45e826147cacae5469311b55fde41305b972580db938c16dcd73cb44f47c978b8fb205c9489ff748fd7e87ff9555a004f44ed3eeb18e982aa1c7e8dcdd49af87f3d15f0203010001300d06092a864886f70d01010505000381810090ab8b57db0a519e89a3d18882f98dde739a0e21fa1c26bf754f9f7835dc34a146aec1327de98a1ec8cb03b930da518cac8e06ce7d39685697f3d226388cc2f2b8464672e272 EAP-Message = 0x0ca42ab3184e5e0669b1dc545b928b3341c4beb5ef574f51a9192f5fd153c91d698d7b957befe425ef45fd1eb81631c44229f9c6405a4a3ec3000003f6308203f23082035ba003020102020900d4a1f9d8d7737d14300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d010901 EAP-Message = 0x16156e757261683132314073747265616d79782e636f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf4c74c157d0597a1dce1a727f6888730 rad_recv: Access-Request packet from host 192.168.2.1 port 1027, id=9, length=105 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xf4c74c157d0597a1dce1a727f6888730 EAP-Message = 0x020900061900 Message-Authenticator = 0xe882c439bd4c462b3d3d457e586fa9a3 Sending Access-Challenge of id 9 to 192.168.2.1 port 1027 EAP-Message = 0x010a032f19006d301e170d3035313230343036323234315a170d3135313230323036323234315a3081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b30090Finished request 2 Going to the next request Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "unix" returns updated for request 3 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 10 length 200 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 3 modcall[authorize]: module "expiration" returns noop for request 3 modcall[authorize]: module "logintime" returns noop for request 3 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Finished request 3 Going to the next request Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "unix" returns updated for request 4 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 4 modcall[authorize]: module "expiration" returns noop for request 4 modcall[authorize]: module "logintime" returns noop for request 4 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 4 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "unix" returns updated for request 5 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 12 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 5 modcall[authorize]: module "expiration" returns noop for request 5 modcall[authorize]: module "logintime" returns noop for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - nurah rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of nurah PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to nurah Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "unix" returns updated for request 5 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 12 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 5 modcall[authorize]: module "expiration" returns noop for request 5 modcall[authorize]: module "logintime" returns noop for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 60355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c06c98b52f07e40b7a EAP-Message = 0x2bbc8195354322a1add2669b6490fa1e283485c0199c6c19b98d39f46d7a7794b2fcb00d603527c59937017b94ec55cb13fff98f955756e542a51615102155fb2b5488df44df901c8a3c4ff33cfeef393201adedaea261e0f09ba0b761b75ea936fefa309dcf4123e6181d6195933dc8d6bac8059cfb5d0203010001a382011630820112301d0603551d0e041604142ce51d8df33c708efad4c61573507ce4ab53dca23081e20603551d230481da3081d780142ce51d8df33c708efad4c61573507ce4ab53dca2a181b3a481b03081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f EAP-Message = 0x746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d820900d4a1f9d8d7737d14300c0603551d13040530030101ff300d06092a864886f70d0101050500038181002e723b0585ba7578446d0e31b3ca76f6a1cf7687cec687370f7cc19705f9f65fd9de89f88dd29289067f36429c986aa5b2acb0385db81ae478977e3c8afe5cac922f868c287102958f6480d804137a857b EAP-Message = 0x8cfd7b67dc75baae0473ebef570bc0818109395d7719dfc91c433512fdd6024ed7b95be263199c0a8b0b2b91e53ebf16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf555032e67d9a39b1882d1f8fcf09959 rad_recv: Access-Request packet from host 192.168.2.1 port 1028, id=10, length=299 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xf555032e67d9a39b1882d1f8fcf09959 EAP-Message = 0x020a00c81980000000be16030100861000008200807b7478a2410e8462f3f7d10c0e9d50d19af9a741141bc370f1a8f6c75bf709f3acf214824e4cfc94f0dbe7fca16f0dc4e2cd2e2f07ee3fed801a4927f4cebbc81d3412d562849a1cc97326393602377db60bda2d700cbbcc7dc22e7a4fc2cb46f3a39d2ac03757b6c18c90ee28092771f720d783860385fa53a3b91c4ba1349614030100010116030100287b7da10c2e9631775cb253b814a2e0b7c2ae490e1315919d7ccdbcdffc15f7ead55393c895763aa0 Message-Authenticator = 0x797234f69da5e2f9b286b496e7f012de Sending Access-Challenge of id 10 to 192.168.2.1 port 1028 EAP-Message = 0x010b00391900140301000101160301002859982aa195439003edaefa0a02d39657f462c138c0a491cb9e3a2e8f53e454d78cf70c2593081536 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e87fe669ff8f70b4f366ff026238bf3 rad_recv: Access-Request packet from host 192.168.2.1 port 1029, id=11, length=105 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x2e87fe669ff8f70b4f366ff026238bf3 EAP-Message = 0x020b00061900 Message-Authenticator = 0x076cfe5e1e00f1331f6ab47739023c5b Sending Access-Challenge of id 11 to 192.168.2.1 port 1029 EAP-Message = 0x010c004819001703010018f1089fc93f10c7b3aff1fbd2de8e9f777555699758858a8817030100207d2beb720e59cd6554e8de7952b4bf30ba3209e191279c2413e014da3b750b3a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f0cea76398ad5e6af48a1bfe5667d65 rad_recv: Access-Request packet from host 192.168.2.1 port 1030, id=12, length=142 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x1f0cea76398ad5e6af48a1bfe5667d65 EAP-Message = 0x020c002b19001703010020869dc6c24a3ce923587a617c19c1da7a14c44a17929e213eab2023743f1be8c3 Message-Authenticator = 0x3642782edda868940e8fed95b40490cb PEAP: Got tunneled EAP-Message EAP-Message = 0x020c000a016e75726168 PEAP: Sending tunneled request EAP-Message = 0x020c000a016e75726168 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "nurah" PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010d001f1a010d001a10650acba154cea10853bd3a630dd8b4316e75726168 Message-Authenticat PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Finished request 5 Going to the next request Waking up in 4 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "unix" returns updated for request 6 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 13 length 99 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 6 modcall[authorize]: module "expiration" returns noop for request 6 modcall[authorize]: module "logintime" returns noop for request 6 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to nurah PEAP: Adding old state with 79 06 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "unix" returns updated for request 6 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 13 length 64 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 6 modcall[authorize]: module "expiration" returns noop for request 6 modcall[authorize]: module "logintime" returns noop for request 6 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for nurah with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Finished request 6 Going to the next request Waking up in 4 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "unix" returns updated for request 7 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 14 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 7 modcall[authorize]: module "expiration" returns noop for request 7 modcall[authorize]: module "logintime" returns noop for request 7 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 4 seconds... Delaying request 7 for 1 seconds --- Walking the entire request list --- Waking up in 1 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "unix" returns updated for request 8 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 8 modcall[authorize]: module "expiration" returns noop for request 8 modcall[authorize]: module "logintime" returns noop for request 8 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 8 modcall: leaving group authenticate (returns invalid) for request 8 auth: Failed to validate the user. Delaying request 8 for 1 seconds Finished request 8 Going to the next request Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 7 with timestamp 43963da2 Cleaning up request 3 ID 10 with timestamp 43963da2 Cleaning up request 1 ID 8 with timestamp 43963da2 Cleaning up request 2 ID 9 with timestamp 43963da2 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 12 with timestamp 43963da3 Cleaning up request 4 ID 11 with timestamp 43963da3 Cleaning up request 6 ID 13 with timestamp 43963da3 Cleaning up request 7 ID 14 with timestamp 43963da3 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 3 with timestamp 43963da6 Nothing to do. Sleeping until we see a request. __________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
If you use users file with a User-Password, you don't have to use ntlm in MSCHAP config because it's only here to deal with a Windows domain Controller. 2005/12/6, mat yuh <yusshalimee@yahoo.com>:
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. .... i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
Here is another problem : You're trying to use a user cert, setting EAP-Type to PEAP in users may solves it. HTH
rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A
thanks xav for answering.. how to disable ntlm for MSCHAP?is it in radiusd.conf? --- xav guerin <xavtoo@gmail.com> wrote:
If you use users file with a User-Password, you don't have to use ntlm in MSCHAP config because it's only here to deal with a Windows domain Controller.
2005/12/6, mat yuh <yusshalimee@yahoo.com>:
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. .... i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
Here is another problem : You're trying to use a user cert, setting EAP-Type to PEAP in users may solves it.
HTH
rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
I have in NAS log something like this: Dec/08/2005 00:44:33 Accounting login fail Dec/08/2005 00:44:28 Send Accounting login message debik Dec/08/2005 00:44:23 Send Accounting login message debik Dec/08/2005 00:44:18 Send Accounting login message debik Dec/08/2005 00:44:18 Authentication success 00-0F-CB-B0-06-86 Dec/08/2005 00:44:18 EAP-Success 00-0F-CB-B0-06-86 Dec/08/2005 00:44:12 Accounting logout fail Dec/08/2005 00:44:09 EAP-Response/Identity debik Dec/08/2005 00:44:09 EAP-Request/Identity Dec/08/2005 00:44:08 Wireless PC connected 00-0F-CB-B0-06-86 What does it mean ??
here is my radiusd.conf --- xav guerin <xavtoo@gmail.com> wrote:
If you use users file with a User-Password, you don't have to use ntlm in MSCHAP config because it's only here to deal with a Windows domain Controller.
2005/12/6, mat yuh <yusshalimee@yahoo.com>:
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. .... i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
Here is another problem : You're trying to use a user cert, setting EAP-Type to PEAP in users may solves it.
HTH
rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
It's in radius in module configuration for mschap (just before ldap module), but your config is correct from this point of view (it's commented out). Did you try EAP-Type := PEAP in the users file ? 2005/12/6, mat yuh <yusshalimee@yahoo.com>:
here is my radiusd.conf
--- xav guerin <xavtoo@gmail.com> wrote:
If you use users file with a User-Password, you don't have to use ntlm in MSCHAP config because it's only here to deal with a Windows domain Controller.
2005/12/6, mat yuh <yusshalimee@yahoo.com>:
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. .... i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
Here is another problem : You're trying to use a user cert, setting EAP-Type to PEAP in users may solves it.
HTH
rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL – Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
i put this in users file but still failed.. same problem " rlm_mschap: FAILED: No NT/LM-Password". nurah EAP-Type == PEAP,User-Password=="mypasswd" --- xav guerin <xavtoo@gmail.com> wrote:
It's in radius in module configuration for mschap (just before ldap module), but your config is correct from this point of view (it's commented out). Did you try EAP-Type := PEAP in the users file ?
2005/12/6, mat yuh <yusshalimee@yahoo.com>:
here is my radiusd.conf
--- xav guerin <xavtoo@gmail.com> wrote:
If you use users file with a User-Password, you don't have to use ntlm in MSCHAP config because it's only here to deal with a Windows domain Controller.
2005/12/6, mat yuh <yusshalimee@yahoo.com>:
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. .... i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
Here is another problem : You're trying to use a user cert, setting EAP-Type to PEAP in users may solves it.
HTH
rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
I think you should replace "==" by ":=" . this conf should work: nurah User-Password=="password" EAP-Type := PEAP 2005/12/6, mat yuh <yusshalimee@yahoo.com>:
i put this in users file but still failed.. same problem " rlm_mschap: FAILED: No NT/LM-Password".
nurah EAP-Type == PEAP,User-Password=="mypasswd"
--- xav guerin <xavtoo@gmail.com> wrote:
It's in radius in module configuration for mschap (just before ldap module), but your config is correct from this point of view (it's commented out). Did you try EAP-Type := PEAP in the users file ?
2005/12/6, mat yuh <yusshalimee@yahoo.com>:
here is my radiusd.conf
--- xav guerin <xavtoo@gmail.com> wrote:
If you use users file with a User-Password, you don't have to use ntlm in MSCHAP config because it's only here to deal with a Windows domain Controller.
2005/12/6, mat yuh <yusshalimee@yahoo.com>:
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. .... i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
Here is another problem : You're trying to use a user cert, setting EAP-Type to PEAP in users may solves it.
HTH
rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL – Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL – Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
i'm put in the users file like :- nurah User-Password := "mypasswd" the problem still exist.. failed to connect rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for nurah with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 when i put in the users file like this :- nurah EAP-Type := PEAP, User-Password := "mypasswd" that message gone... but still failed to authenticate thank you for replying.. --- Alan DeKok <aland@ox.org> wrote:
mat yuh <yusshalimee@yahoo.com> wrote:
nurah User-Password == "mypasswd"
Use := instead of ==, and it will work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
Hi, I am trying to add MONTHLY-TIME-LIMIT to the freeradius dictionary. I will be using this parameter in the radreply table of the freeradius database. Exactly how do I add this to the freeradius dictionary? Sincerely, Don James
Oh, yeah, right. It may as well be written in Greek. Thanks for nothing. Tuesday, December 6, 2005Tue, 6 Dec 2005 18:04:06 -050017:04-060018:04- 0500@1002AlanAlan DeKokaland@ox.org
"don james" <outlawtx@cox-internet.com> wrote:
Exactly how do I add this to the freeradius dictionary?
$ man dictionary
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
"don james" <outlawtx@cox-internet.com> wrote:
Oh, yeah, right. It may as well be written in Greek. Thanks for nothing.
If you want a perfect answer, see: http://www.freeradius.org/business/ I'm sure if you pay someone they'll tell you what you need to do. If you're not willing to spend the time to read the docs, and you're not willing to pay anyone, good luck solving the problem. I wish you the best. Alan DeKok.
Hi Alan, Thanks for your help. I've read all of the docs that I could find. I subscribe to the O'Reilly online books and haven't been able to find much there. I am willing to read all of the docs extant. Sincerely, Don James Tuesday, December 6, 2005Tue, 6 Dec 2005 18:43:50 -050017:43-060018:43- 0500@1030AlanAlan DeKokaland@ox.org
"don james" <outlawtx@cox-internet.com> wrote:
Oh, yeah, right. It may as well be written in Greek. Thanks for nothing.
If you want a perfect answer, see:
http://www.freeradius.org/business/
I'm sure if you pay someone they'll tell you what you need to do.
If you're not willing to spend the time to read the docs, and you're not willing to pay anyone, good luck solving the problem.
I wish you the best.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
don james" <outlawtx@cox-internet.com> wrote:
Thanks for your help. I've read all of the docs that I could find. I subscribe to the O'Reilly online books and haven't been able to find much there.
I am willing to read all of the docs extant.
Ok... WHY do you want to create that dictionary entry? It shouldn't be necessary. If you DO want to create that entry, read /etc/raddb/dictionary, it contains examples. If you DON'T understand those examples, ask DETAILED questions. Alan DeKok.
I, for one, have used the services of Cladju Consulting, as listed in the freeradius business directory. Well worth the few dollars we spent. Rob -----Original Message----- If you want a perfect answer, see: http://www.freeradius.org/business/ I'm sure if you pay someone they'll tell you what you need to do. If you're not willing to spend the time to read the docs, and you're not willing to pay anyone, good luck solving the problem. --- Checked for viruses by Transact Bermuda
don james wrote:
Oh, yeah, right. It may as well be written in Greek. Thanks for nothing. You are sure to get many helpful responses now. If you read it and don't understand what you read, then why not post what is confusing you? You might as well go buy the O'Rielly RADIUS book now. Your not likely to get much help anywhere else with that attitude of yours.
Oh, yeah, right. It may as well be written in Greek. Thanks for nothing. You are sure to get many helpful responses now. If you read it and don't understand what you read, then why not post what is confusing you? You might as well go buy the O'Rielly RADIUS book now. Your not likely to get much help anywhere else with that attitude of yours.
I can only agree with Lewis Bergman. And believe me - I am subscribe to many mailing lists - and on this one, you get help from really good and competent people ( like developers of the software ). Such "support" you don't even get when you buy software !! In the name of all members of this list - please be polite and do NOT overreact to some posts. It is understandable that you come here when you need to get your questions answered ( read - desperate ;) in my case ), but stay calm and polite and everything will work out.. trust me... Regards, Edvin PS: sorry for this off topic mail ! -----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Lewis Bergman Sent: Mittwoch, 07. Dezember 2005 00:45 To: FreeRadius users mailing list Subject: Re: dictionary: adding MONTHLY-TIME-LIMIT don james wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"don james" <outlawtx@cox-internet.com> writes:
Oh, yeah, right. It may as well be written in Greek. Thanks for nothing.
I've found this document to be a valuable source of information: http://www.catb.org/~esr/faqs/smart-questions.html These two sections seem to apply to your problem in particular: http://www.catb.org/~esr/faqs/smart-questions.html#goal http://www.catb.org/~esr/faqs/smart-questions.html#rtfm Bjørn
Could you sent me your configs. A would like to lokk how you use other authentication. ----- Original Message ----- From: "mat yuh" <yusshalimee@yahoo.com> To: <freeradius-users@lists.freeradius.org> Sent: Tuesday, December 06, 2005 10:50 AM Subject: Re: XP auth + PEAP (debik)
i'm also have a problem to make PEAP works with XP SP2.The PAP, EAP-tls, EAP-ttls work very well.i realise that freeradius gives me this error :
rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for nurah with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6
i do read the maillist and search on google but cant make XP SP2 Work with PEAP. i'm using several NAS such as SMC BARRICADE 2804WBR and Linksys WRT54G. i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
** i make a new users file and put nurah user only in it
here is my complete debug message :
-----------------------
Initializing the thread pool... Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. Nothing to do. Sleeping until we see a request. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "unix" returns updated for request 0 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 7 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "expiration" returns noop for request 0 modcall[authorize]: module "logintime" returns noop for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "unix" returns updated for request 1 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 8 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "expiration" returns noop for request 1 modcall[authorize]: module "logintime" returns noop for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Finished request 1 Going to the next request Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "unix" returns updated for request 2 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "expiration" returns noop for request 2 modcall[authorize]: module "logintime" returns noop for request 2 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 rad_recv: Access-Request packet from host 192.168.2.1 port 1025, id=7, length=91 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0207000a016e75726168 Message-Authenticator = 0x68f9afa71809cd05fb71ab8686f18320 Sending Access-Challenge of id 7 to 192.168.2.1 port 1025 EAP-Message = 0x010800061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x504617b0d4dd078d15c5d6ad12aff5f1 rad_recv: Access-Request packet from host 192.168.2.1 port 1026, id=8, length=164 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x504617b0d4dd078d15c5d6ad12aff5f1 EAP-Message = 0x0208004119800000003716030100320100002e0301ae311dd3edd1dea83725e444a8d98d1e6112c10ebfcddacd153cf88067247bfc01000006000a000500040100 Message-Authenticator = 0x8413f48fc7e59bb15e4f6ed10532a5d9 Sending Access-Challenge of id 8 to 192.168.2.1 port 1026 EAP-Message = 0x0109040a19c000000729160301004a02000046030143963da2133ae46a6fdcc84d872a6f77f8447a49f37e19e9ab11f900f2c11630207acd91607051139b88ec441c90932b9ca122526d8e65d3ed5229d33d9c5008ae000a0016030106cc0b0006c80006c50002c9308202c53082022e020900f2585747fdc421f1300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c0603550403 EAP-Message = 0x13154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d301e170d3035313230343036323235325a170d3135313230323036323235325a30819f310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b130249543110300e06035504031307636f6c696e75783124302206092a864886f70d01090116156e757261683132314073747265616d79782e63 EAP-Message = 0x6f6d30819f300d06092a864886f70d010101050003818d0030818902818100a9c3198f512e0c50674463c59ce454415fd1df0496491d5d8830044248d602fbf9112117e2f5fea88aa6433add26cfdbc17303650260e43b551990fe5f45e826147cacae5469311b55fde41305b972580db938c16dcd73cb44f47c978b8fb205c9489ff748fd7e87ff9555a004f44ed3eeb18e982aa1c7e8dcdd49af87f3d15f0203010001300d06092a864886f70d01010505000381810090ab8b57db0a519e89a3d18882f98dde739a0e21fa1c26bf754f9f7835dc34a146aec1327de98a1ec8cb03b930da518cac8e06ce7d39685697f3d226388cc2f2b8464672e272 EAP-Message = 0x0ca42ab3184e5e0669b1dc545b928b3341c4beb5ef574f51a9192f5fd153c91d698d7b957befe425ef45fd1eb81631c44229f9c6405a4a3ec3000003f6308203f23082035ba003020102020900d4a1f9d8d7737d14300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d010901 EAP-Message = 0x16156e757261683132314073747265616d79782e636f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf4c74c157d0597a1dce1a727f6888730 rad_recv: Access-Request packet from host 192.168.2.1 port 1027, id=9, length=105 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xf4c74c157d0597a1dce1a727f6888730 EAP-Message = 0x020900061900 Message-Authenticator = 0xe882c439bd4c462b3d3d457e586fa9a3 Sending Access-Challenge of id 9 to 192.168.2.1 port 1027 EAP-Message = 0x010a032f19006d301e170d3035313230343036323234315a170d3135313230323036323234315a3081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b30090Finished request 2 Going to the next request Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "unix" returns updated for request 3 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 10 length 200 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 3 modcall[authorize]: module "expiration" returns noop for request 3 modcall[authorize]: module "logintime" returns noop for request 3 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Finished request 3 Going to the next request Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "unix" returns updated for request 4 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 4 modcall[authorize]: module "expiration" returns noop for request 4 modcall[authorize]: module "logintime" returns noop for request 4 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 4 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "unix" returns updated for request 5 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 12 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 5 modcall[authorize]: module "expiration" returns noop for request 5 modcall[authorize]: module "logintime" returns noop for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - nurah rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of nurah PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to nurah Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "unix" returns updated for request 5 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 12 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 5 modcall[authorize]: module "expiration" returns noop for request 5 modcall[authorize]: module "logintime" returns noop for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 60355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c06c98b52f07e40b7a EAP-Message = 0x2bbc8195354322a1add2669b6490fa1e283485c0199c6c19b98d39f46d7a7794b2fcb00d603527c59937017b94ec55cb13fff98f955756e542a51615102155fb2b5488df44df901c8a3c4ff33cfeef393201adedaea261e0f09ba0b761b75ea936fefa309dcf4123e6181d6195933dc8d6bac8059cfb5d0203010001a382011630820112301d0603551d0e041604142ce51d8df33c708efad4c61573507ce4ab53dca23081e20603551d230481da3081d780142ce51d8df33c708efad4c61573507ce4ab53dca2a181b3a481b03081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f EAP-Message = 0x746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d820900d4a1f9d8d7737d14300c0603551d13040530030101ff300d06092a864886f70d0101050500038181002e723b0585ba7578446d0e31b3ca76f6a1cf7687cec687370f7cc19705f9f65fd9de89f88dd29289067f36429c986aa5b2acb0385db81ae478977e3c8afe5cac922f868c287102958f6480d804137a857b EAP-Message = 0x8cfd7b67dc75baae0473ebef570bc0818109395d7719dfc91c433512fdd6024ed7b95be263199c0a8b0b2b91e53ebf16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf555032e67d9a39b1882d1f8fcf09959 rad_recv: Access-Request packet from host 192.168.2.1 port 1028, id=10, length=299 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xf555032e67d9a39b1882d1f8fcf09959 EAP-Message = 0x020a00c81980000000be16030100861000008200807b7478a2410e8462f3f7d10c0e9d50d19af9a741141bc370f1a8f6c75bf709f3acf214824e4cfc94f0dbe7fca16f0dc4e2cd2e2f07ee3fed801a4927f4cebbc81d3412d562849a1cc97326393602377db60bda2d700cbbcc7dc22e7a4fc2cb46f3a39d2ac03757b6c18c90ee28092771f720d783860385fa53a3b91c4ba1349614030100010116030100287b7da10c2e9631775cb253b814a2e0b7c2ae490e1315919d7ccdbcdffc15f7ead55393c895763aa0 Message-Authenticator = 0x797234f69da5e2f9b286b496e7f012de Sending Access-Challenge of id 10 to 192.168.2.1 port 1028 EAP-Message = 0x010b00391900140301000101160301002859982aa195439003edaefa0a02d39657f462c138c0a491cb9e3a2e8f53e454d78cf70c2593081536 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e87fe669ff8f70b4f366ff026238bf3 rad_recv: Access-Request packet from host 192.168.2.1 port 1029, id=11, length=105 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x2e87fe669ff8f70b4f366ff026238bf3 EAP-Message = 0x020b00061900 Message-Authenticator = 0x076cfe5e1e00f1331f6ab47739023c5b Sending Access-Challenge of id 11 to 192.168.2.1 port 1029 EAP-Message = 0x010c004819001703010018f1089fc93f10c7b3aff1fbd2de8e9f777555699758858a8817030100207d2beb720e59cd6554e8de7952b4bf30ba3209e191279c2413e014da3b750b3a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f0cea76398ad5e6af48a1bfe5667d65 rad_recv: Access-Request packet from host 192.168.2.1 port 1030, id=12, length=142 User-Name = "nurah" NAS-IP-Address = 192.168.2.1 NAS-Identifier = "AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x1f0cea76398ad5e6af48a1bfe5667d65 EAP-Message = 0x020c002b19001703010020869dc6c24a3ce923587a617c19c1da7a14c44a17929e213eab2023743f1be8c3 Message-Authenticator = 0x3642782edda868940e8fed95b40490cb PEAP: Got tunneled EAP-Message EAP-Message = 0x020c000a016e75726168 PEAP: Sending tunneled request EAP-Message = 0x020c000a016e75726168 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "nurah" PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010d001f1a010d001a10650acba154cea10853bd3a630dd8b4316e75726168 Message-Authenticat PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Finished request 5 Going to the next request Waking up in 4 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "unix" returns updated for request 6 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 13 length 99 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 6 modcall[authorize]: module "expiration" returns noop for request 6 modcall[authorize]: module "logintime" returns noop for request 6 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to nurah PEAP: Adding old state with 79 06 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "unix" returns updated for request 6 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 13 length 64 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 6 modcall[authorize]: module "expiration" returns noop for request 6 modcall[authorize]: module "logintime" returns noop for request 6 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for nurah with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Finished request 6 Going to the next request Waking up in 4 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "unix" returns updated for request 7 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 14 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 7 modcall[authorize]: module "expiration" returns noop for request 7 modcall[authorize]: module "logintime" returns noop for request 7 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 4 seconds... Delaying request 7 for 1 seconds --- Walking the entire request list --- Waking up in 1 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "unix" returns updated for request 8 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 8 modcall[authorize]: module "expiration" returns noop for request 8 modcall[authorize]: module "logintime" returns noop for request 8 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 8 modcall: leaving group authenticate (returns invalid) for request 8 auth: Failed to validate the user. Delaying request 8 for 1 seconds Finished request 8 Going to the next request Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 7 with timestamp 43963da2 Cleaning up request 3 ID 10 with timestamp 43963da2 Cleaning up request 1 ID 8 with timestamp 43963da2 Cleaning up request 2 ID 9 with timestamp 43963da2 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 12 with timestamp 43963da3 Cleaning up request 4 ID 11 with timestamp 43963da3 Cleaning up request 6 ID 13 with timestamp 43963da3 Cleaning up request 7 ID 14 with timestamp 43963da3 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 3 with timestamp 43963da6 Nothing to do. Sleeping until we see a request.
__________________________________________ Yahoo! DSL - Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
these config file work for me with unix,tls,ttls and pap only.. tell me if you found anything that can we share __________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
heh.. sorry.. forgot to attach files --- debik <debik@vp.pl> wrote:
Could you sent me your configs. A would like to lokk how you use other authentication. ----- Original Message ----- From: "mat yuh" <yusshalimee@yahoo.com> To: <freeradius-users@lists.freeradius.org> Sent: Tuesday, December 06, 2005 10:50 AM Subject: Re: XP auth + PEAP (debik)
i'm also have a problem to make PEAP works with XP SP2.The PAP, EAP-tls, EAP-ttls work very well.i realise that freeradius gives me this error :
rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for nurah with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6
i do read the maillist and search on google but cant make XP SP2 Work with PEAP. i'm using several NAS such as SMC BARRICADE 2804WBR and Linksys WRT54G. i do configure default_eap_type = peap in eap.conf and have a plain text password in users file :
nurah User-Password == "mypasswd"
** i make a new users file and put nurah user only in it
here is my complete debug message :
-----------------------
Initializing the thread pool... Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. Nothing to do. Sleeping until we see a request. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "unix" returns updated for request 0 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 7 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "expiration" returns noop for request 0 modcall[authorize]: module "logintime" returns noop for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "unix" returns updated for request 1 rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 8 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry nurah at line 9 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "expiration" returns noop for request 1 modcall[authorize]: module "logintime" returns noop for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode
=== message truncated === __________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
participants (9)
-
Alan DeKok -
Bjørn Mork -
debik -
don james -
Lewis Bergman -
mat yuh -
RH Lists -
Seferovic Edvin -
xav guerin