freeradius with TTLS - MSCHAPV2 authentication
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu May 18 13:45:32 CEST 2006
Hi,
> Im using the D-Link client card with the odyssey client manager.
>
> Im trying to connect to the wlan configured with 802.1x authetication & the
> radius server used for authetication is freeradius-1.1.1.
>
> Eap-Type : TTLS
> Auth-Type : MS-CHAPV2
>
> When the MU sends an access request, the radius server replies back with
> the Access-Reject code ( 3 ). Im not able to figure out what the problem
> is.. ??
>
> Does the freeradius support this eap & auth types ??
>
> Note : Im using the default eap.conf file with smaller changes. Like default
> eap type is changed to TTLS. And default auth type for TTLS is mschapv2.
>
> Please let me know if you have any idea.
yes. FreeRADIUS happily does EAP-TTLS with MS-CHAPv2 - but what are you doing the
authentication against in this instance? to successfully use the resulting
NTLM queries you need to configure the ntlm_auth section of radius configs
and make sure that you are happily talking to the authentication system...eg
use winbindd with a SAMBA that is bound to your AD.
otherwise you are sending password requests etc to your FR which it cannot deal
with. as soon as you move to MS-CHAPv2 etc you can no longer use User-Passwords
or Crypt-Passwords etc in plain files or SQLs.
PS this is a freeradius-user question, not a freeradius-developer question
alan
More information about the Freeradius-Devel
mailing list