PEAP/mschapv2 fails first time
Alan DeKok
aland at ox.org
Sat Jul 9 06:46:28 CEST 2005
"Graham, Robert" <rgraham at mem-ins.com> wrote:
> I FINALLY got a user to authenicate against Active Directory via
> freeradius using PEAP and mschapv2. but I still have one issue. When
> the user first logons, the authenication fails. Approximately 60
> seconds later the client tries to re-authenicate and it is succesful.
> The client (supplicant) is usingaegis client and both logon and desktop
> profiles are the same. Any ideas?
The debug log, even though it's large, contains the answers. Look
for words like "invalid", or "reject', or "fail".
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack alert
> eaptls_verify returned 4
> eaptls_process returned 4
> rlm_eap_peap: EAPTLS_OTHERS
> rlm_eap: Handler failed in EAP/peap
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 5
> modcall: group authenticate returns invalid for request 5
> auth: Failed to validate the user.
That would seem to say that something went wrong. It's not clear
why.
Alan DeKok.
More information about the Freeradius-Users
mailing list