EAP-PEAP - MSCHAPV2 option not working
Hi, I am trying to authenticate my xsupplicant with freeradius using PEAP option, but seems to fail with the below error message. Complete debug message is attached to the email. [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for peerless with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject I have tried following in my users file David User-Password=="freeradius" ---also David Auth-Type=Local, Password = "freeradius" Both does not seem to work. Please help me. Regards, Dev
On Fri, Mar 26, 2010 at 1:50 AM, dev nath <dev_wip_bms@yahoo.com> wrote:
Hi,
I am trying to authenticate my xsupplicant with freeradius using PEAP option, but seems to fail with the below error message. Complete debug message is attached to the email.
I have tried following in my users file
David User-Password=="freeradius"
you left behind the third option, the only one working: David User-Password :="freeradius" On a side note, in freeradius 2.1.8 I'm having a *hard" time porting a perfectly working pre-2.x.x peap-mschapv2 server to the new freeradius concept. The tls negotiation works but when it comes to mschapv2: Failed to create a new socket for proxying requests. ERROR: Failed to create a new socket for proxying requests. ERROR: Failed inserting request into proxy hash. This server is working on the arbitrary ports 1818 and 1819 for authz + auth and acct. There is another server on the same machine working on the standard ports. What's the usual meaning of these messages? If I know where to look I might solve it without bothering anyone with the complete debug output. I already googled my way through the ML archives for there error messages, without much success. In pre-2.x.x versions of freeradius peap-mschapv2 is handled cleanly and linearly, is there really the need to proxy the inner mschapv2 auth? Am I doing something wrong? Most probably yes. Am I doing something silly? Most probably yes. bye inverse
Hi,
David User-Password=="freeradius"
you left behind the third option, the only one working: David User-Password :="freeradius"
no. the correct one is David Cleartext-Password := "freeradius"
In pre-2.x.x versions of freeradius peap-mschapv2 is handled cleanly and linearly, is there really the need to proxy the inner mschapv2 auth?
only if you break or play with the config. you shouldnt need to proxy the inner-tunnel mschapv2 anywehere - the default server doesnt so you've edited the default config. alan
On Fri, Mar 26, 2010 at 12:54 PM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
only if you break or play with the config. you shouldnt need to proxy the inner-tunnel mschapv2 anywehere - the default server doesnt so you've edited the default config.
Which is what I did. Thanks for pointing that out I'll begin again from an out of the box config
participants (4)
-
Alan Buxey -
Alan DeKok -
dev nath -
inverse