Problem with Password and MySQL

Fabio fabio.ped at libero.it
Thu Oct 27 13:29:22 CEST 2005


Hi,
I discovered where the error was:

I was also limiting the users that can access the database using the field "NAS-Identifier". That field was copied into the internal tunnel using "copy_request_to_tunnel = yes" in ttls, but not in PEAP.

==========================================
To the developer:
==========================================
Please document the option "copy_request_to_tunnel" in the peap module in eap.conf.
I see it is supported but not documented as in the ttls module.
Thanks.
==========================================

> What kind of password have you stored in your db?
> Also the "upper" part of debug info is relevant. Could you post it?
> Yuri
> 
> 
>  On 10/25/05, Fabio <fabio.ped at libero.it> wrote:
> >
> > Hi,
> > I am trying to use MySQL to authenticate users of a wireless network, using
> > EAP-TTLS-PAP or PEAP-MS-CHAPv2.
> >
> > I use the following users file:
> >
> > user1 User-Password == "user1"
> > DEFAULT Suffix == "@mydomain.org", Autz-Type := SQL
> >
> > while I have the following user in radcheck in MySQL
> >
> > mysql> select * from radcheck;
> > +----+----------+---------------+----+-------+
> > | id | UserName | Attribute     | op | Value |
> > +----+----------+---------------+----+-------+
> > | 11 | sql1     | User-Password | == | sql1  |
> > +----+----------+---------------+----+-------+
> > 1 row in set (0.00 sec)
> >
> > Logging in with the user "user1" works for both TTLS-PAP and PEAP-MS-CHAP-V2
> > (Tested with wpa_supplicant (both TTLS and PEAP) and MS Windows XP (PEAP)).
> >
> > When I try to authenticate as the user sql1 (which is in the MySQL DB), it
> > works for TTLS-PAP but doesn't work with PEAP. It seems that inside the file
> > "users" both PAP and MS-CHAPv2 passwords are handled, while with MySQL I can
> > use only PAP.
> >
> > The relevant part of the log with radiusd -X is provided below.
> >
> > Thanks to anyone helping with this.
> >
> >
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 8
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > eaptls_verify returned 7
> > rlm_eap_tls: Done initial handshake
> > eaptls_process returned 7
> > rlm_eap_peap: EAPTLS_OK
> > rlm_eap_peap: Session established. Decoding tunneled attributes.
> > rlm_eap_peap: Received EAP-TLV response.
> > rlm_eap_peap: Tunneled data is valid.
> > rlm_eap_peap: Had sent TLV failure, rejecting.
> > rlm_eap: Handler failed in EAP/peap
> > rlm_eap: Failed in EAP select
> > modcall[authenticate]: module "eap" returns invalid for request 8
> > modcall: group authenticate returns invalid for request 8
> > auth: Failed to validate the user.
> >
> >
> >
> 
> 
> 
> --
> Yuri Francalacci
> yuri.francalacci at gmail.com
> 
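
The fix described at the top of this message, as an added configuration sketch (not from the original post or the FreeRADIUS distribution): with the option set in both tunnel modules, outer-request attributes such as NAS-Identifier are copied into the inner request, so a per-NAS check in the SQL lookup sees the same data under PEAP as under TTLS. The `default_eap_type` value is an assumption; only `copy_request_to_tunnel` comes from the thread.

```conf
# eap.conf fragment (added illustration, not the poster's actual file)
eap {
    ttls {
        # Attributes present in the outer request but absent from the
        # tunneled request (e.g. NAS-Identifier) are copied into it,
        # so inner-tunnel authorization can match on them.
        copy_request_to_tunnel = yes
    }

    peap {
        # Assumed inner method; the thread uses PEAP-MS-CHAPv2.
        default_eap_type = mschapv2

        # Same option as in ttls. Left unset, the inner request has no
        # NAS-Identifier, a check item on that attribute never matches,
        # and the session ends with the TLV failure shown in the
        # radiusd -X output quoted above.
        copy_request_to_tunnel = yes
    }
}
```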




