Problem with Password and MySQL

Tue Oct 25 17:07:47 CEST 2005

Hi,
I am trying to use MySQL to autenticate users of a wireless network, using EAP-TTLS-PAP or PEAP-MS-CHAPv2.

I use the following users file:

user1           User-Password == "user1"
DEFAULT Suffix == "@mydomain.org", Autz-Type := SQL

while I have the following user in radcheck in MySQL

mysql> select * from radcheck;
+----+----------+---------------+----+-------+
| id | UserName | Attribute     | op | Value |
+----+----------+---------------+----+-------+
| 11 | sql1     | User-Password | == | sql1  |
+----+----------+---------------+----+-------+
1 row in set (0.00 sec)

Logging with the user "user1" work fo both TTLS-PAP and PEAP-MS-CHAP-V2 (Tested with wpa_supplicant (both TTLS and PEAP) and MS Windows XP (PEAP)).

When i try to authenticate as the user sql1 (which is in the MySQL DB), works for TTLS-PAP but doesn't work with PEAP. Seems that inside the file "users" are handled both PAP and MS-CHAPv2 password, while with MySQL I can use only PAP.

The relevant part of the log with radiusd -X is provided below.

Thanks to anyone helping with this.

auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user.