Problem with Password and MySQL
Hi, I am trying to use MySQL to autenticate users of a wireless network, using EAP-TTLS-PAP or PEAP-MS-CHAPv2. I use the following users file: user1 User-Password == "user1" DEFAULT Suffix == "@mydomain.org", Autz-Type := SQL while I have the following user in radcheck in MySQL mysql> select * from radcheck; +----+----------+---------------+----+-------+ | id | UserName | Attribute | op | Value | +----+----------+---------------+----+-------+ | 11 | sql1 | User-Password | == | sql1 | +----+----------+---------------+----+-------+ 1 row in set (0.00 sec) Logging with the user "user1" work fo both TTLS-PAP and PEAP-MS-CHAP-V2 (Tested with wpa_supplicant (both TTLS and PEAP) and MS Windows XP (PEAP)). When i try to authenticate as the user sql1 (which is in the MySQL DB), works for TTLS-PAP but doesn't work with PEAP. Seems that inside the file "users" are handled both PAP and MS-CHAPv2 password, while with MySQL I can use only PAP. The relevant part of the log with radiusd -X is provided below. Thanks to anyone helping with this. auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 8 modcall: group authenticate returns invalid for request 8 auth: Failed to validate the user.
What kind of password have you stored in your db? Alseo the "upper" part of debug info is relevant. Could you post it? Yuri On 10/25/05, Fabio <fabio.ped@libero.it> wrote:
Hi, I am trying to use MySQL to autenticate users of a wireless network, using EAP-TTLS-PAP or PEAP-MS-CHAPv2.
I use the following users file:
user1 User-Password == "user1" DEFAULT Suffix == "@mydomain.org <http://mydomain.org>", Autz-Type := SQL
while I have the following user in radcheck in MySQL
mysql> select * from radcheck; +----+----------+---------------+----+-------+ | id | UserName | Attribute | op | Value | +----+----------+---------------+----+-------+ | 11 | sql1 | User-Password | == | sql1 | +----+----------+---------------+----+-------+ 1 row in set (0.00 sec)
Logging with the user "user1" work fo both TTLS-PAP and PEAP-MS-CHAP-V2 (Tested with wpa_supplicant (both TTLS and PEAP) and MS Windows XP (PEAP)).
When i try to authenticate as the user sql1 (which is in the MySQL DB), works for TTLS-PAP but doesn't work with PEAP. Seems that inside the file "users" are handled both PAP and MS-CHAPv2 password, while with MySQL I can use only PAP.
The relevant part of the log with radiusd -X is provided below.
Thanks to anyone helping with this.
auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 8 modcall: group authenticate returns invalid for request 8 auth: Failed to validate the user.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Yuri Francalacci yuri.francalacci@gmail.com
participants (2)
-
Fabio -
Yuri Francalacci