problems authenticating

Alan DeKok aland at
Tue Jul 12 18:26:16 CEST 2005

jck-freeradius at wrote:
> >   Find a RADIUS client that implements MS-CHAPv.
> The native Windows XP client uses MS-CHAPv2.  Unless I decide to use 
> a smartcard, the built-in client uses EAP type of PEAP and 
> authentication of MS-CHAP-V2, /only/.

  That's not what I said.

  I said "MSCHAPv2", not "PEAP with MSCHAPv2".  By trying to configure
PEAP + TLS + MSCHAPv2 all at the same time, it's difficult to figure
out what's going wrong.

  A standard technique is "divide and conquer".  Get the pieces
working one by one, and then put the pieces together to get a solution.

> I do not understand how radclient is any different compared to radtest.

  Then read the "man" pages.

>   If I use the src/tests/mschapv1 script as input to radclient, do I
> not need to put some information in for user "Bob" into my SQL
> database?

  That would appear to make sense.

>  I am unsure how I need to change my radiusd.conf or authorization
> backend, to accommodate the script.

  In the default config, you don't have to change anything, other than
telling the server about user "bob" with password "bob".

> If it is MS-CHAP-V2 which is failing, how will testing MS-CHAP-V2 with an
> MS-CHAP client help?  I should see the same error when testing, that I see
> now, correct?

  Because you can now do simple tests without using an XP supplicant.
This means that the test cycle will be faster, and you will solve your
problem faster.

  But if you want to go slowly and be confused, by all means, make the
configuration as complicated as possible, and make the test as
complicated as possible.  You'll have fun getting anything to work the
way you expect.

  Alan DeKok.

More information about the Freeradius-Users mailing list