WLAN 802.1x FreeRadius with LDAP
Christian Poessinger
christian at poessinger.com
Mon Nov 28 18:32:55 CET 2005
Zoltan A. Ori wrote:
> On Sunday 27 November 2005 06:52, Christian Poessinger wrote:
>>
>> Yes, I'm trying to use PEAP, I have configured MS-CHAPv1 as
>> described in many Howtos.
>>
>
> MS-CHAP V2 is in the Howtos of PEAP that I have read. In any case,
> there is no mschap info in the tunnel which is indicated in the error
> message:
>
> rlm_eap_peap: Session established. Decoding tunneled attributes.
> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
> TLS Alert read:fatal:access denied
> rlm_eap_peap: No data inside of the tunnel.
>
> The error messages in FreeRADIUS are very informative and always
> right on the money in the cases I've experienced.
>
> At this point, I would check to see what my supplicant was configured
> to send and then check my eap.conf to make sure that RADIUS was
> configured to receive it.

OK, I redesigned my CA. I haven't done that xpextensions stuff now I don't
receive the error above anymore. But now I get a new one :/ Any new ideas?

rlm_ldap: user XXX authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 35
modcall: group authorize returns updated for request 35
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 35
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 35
modcall: group authenticate returns invalid for request 35
auth: Failed to validate the user.
Delaying request 35 for 1 seconds
Finished request 35
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.109:6001, id=36, length=166
Sending Access-Reject of id 36 to xxx.xxx.xxx.109:6001
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 2 seconds...
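
Added example, not part of the original post and not FreeRADIUS code: a small Python triage helper for debug output like the log above. It reports which module returned a failing rcode, which rlm_* lines give the reason, and decodes the 4-byte EAP header (code, identifier, length per RFC 3748) of the EAP-Message in the reject. The function names and the set of rcodes treated as failures are assumptions of this example.

```python
import re

# Constructed sample: debug lines copied from the log in the post above.
SAMPLE = '''\
modcall[authorize]: module "ldap" returns ok for request 35
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
modcall[authenticate]: module "eap" returns invalid for request 35
Sending Access-Reject of id 36 to xxx.xxx.xxx.109:6001
EAP-Message = 0x04080004
'''

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
BAD_RCODES = {"reject", "fail", "invalid", "userlock"}  # assumption: treated as failures
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
EAP_MSG = re.compile(r'EAP-Message = 0x([0-9a-fA-F]+)')
REASON = re.compile(r'^(rlm_\w+): (.*(?:fail|reject|No data).*)$', re.I)

def decode_eap_header(hex_str):
    """Decode the fixed EAP header: code (1 byte), identifier (1), length (2, big-endian)."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    return {"code": EAP_CODES.get(raw[0], f"Unknown({raw[0]})"),
            "id": raw[1], "length": length, "truncated": length > len(raw)}

def triage(log):
    """Collect failing modules, the rlm_* lines that explain them, and decoded EAP headers."""
    report = {"failed_modules": [], "reasons": [], "eap": []}
    for line in log.splitlines():
        line = line.strip()
        if m := MODCALL.search(line):
            section, module, rcode, req = m.groups()
            if rcode in BAD_RCODES:
                report["failed_modules"].append((int(req), section, module, rcode))
        elif m := REASON.match(line):
            report["reasons"].append((m.group(1), m.group(2)))
        elif m := EAP_MSG.search(line):
            report["eap"].append(decode_eap_header(m.group(1)))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

On the sample, the EAP-Message decodes to an EAP Failure with identifier 8, and the only failing module is "eap" in the authenticate section, with the rlm_eap_peap TLV line as the stated reason.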