WLAN 802.1x FreeRadius with LDAP

Christian Poessinger christian at poessinger.com
Mon Nov 28 18:32:55 CET 2005


Zoltan A. Ori wrote:
> On Sunday 27 November 2005 06:52, Christian Poessinger wrote:
>>
>> Yes, I'm trying to use PEAP, I have configured MS-CHAPv1 as
>> described in many Howtos.
>>
>
> MS-CHAP V2 is in the Howtos of PEAP that I have read. In any case,
> there is no mschap info in the tunnel which is indicated in the error
> message:
>
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
> TLS Alert read:fatal:access denied
> rlm_eap_peap: No data inside of the tunnel.
>
> The error messages in FreeRADIUS are very informative and always
> right on the money in the cases I've experienced.
>
> At this point, I would check to see what my supplicant was configured
> to send and then check my eap.conf to make sure that RADIUS was
> configured to receive it.

OK, I redesigned my CA. I haven't done that xpextensions stuff; now I don't
receive the error above anymore. But now I get a new one :/ Any new ideas?

rlm_ldap: user XXX authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 35
modcall: group authorize returns updated for request 35
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 35
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 35
modcall: group authenticate returns invalid for request 35
auth: Failed to validate the user.
Delaying request 35 for 1 seconds
Finished request 35
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.109:6001, id=36, length=166
Sending Access-Reject of id 36 to xxx.xxx.xxx.109:6001
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 2 seconds...
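
Added example, not part of the original post or of FreeRADIUS: a small triage script that groups debug lines of the format shown above by request and pulls out the first module that returned a non-success code plus the rlm_* lines that explain it. The keyword list and the set of "success" return codes are assumptions, and grouping on "Finished request N" assumes single-threaded debug output.

```python
import re

# Constructed sample: debug lines copied from the post above (request 35).
SAMPLE = """\
rlm_ldap: user XXX authorized to use remote access
  modcall[authorize]: module "ldap" returns ok for request 35
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  modcall[authenticate]: module "eap" returns invalid for request 35
auth: Failed to validate the user.
Finished request 35
"""

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([\w-]+)" returns (\w+) for request (\d+)')
FINISHED = re.compile(r'Finished request (\d+)')
RLM = re.compile(r'^(rlm_\w+):\s+(.*)$')
# Assumed keyword list for "this line explains a failure"; extend as needed.
HINT = re.compile(r'fail|reject|alert|denied|no data|invalid', re.I)
OK_CODES = {"ok", "updated", "noop", "handled"}  # assumed non-failure codes

def triage(log_text):
    """Group debug lines per request; return {request_id: summary dict}."""
    results, pending = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        done = FINISHED.search(line)
        if not done:
            pending.append(line)
            continue
        summary = {"modules": [], "failed_module": None, "hints": []}
        for entry in pending:
            m = MODCALL.search(entry)
            if m:
                section, module, code, _ = m.groups()
                summary["modules"].append((section, module, code))
                if code not in OK_CODES and summary["failed_module"] is None:
                    summary["failed_module"] = (section, module, code)
            r = RLM.match(entry)
            if r and HINT.search(r.group(2)):
                summary["hints"].append(f"{r.group(1)}: {r.group(2)}")
        results[int(done.group(1))] = summary
        pending = []
    return results

if __name__ == "__main__":
    for req, s in triage(SAMPLE).items():
        print(req, s["failed_module"], *s["hints"], sep="\n  ")
```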
