eap/peap-mschap-v2 users file and check items

Alan DeKok aland at nitros9.org
Mon Jul 3 18:08:48 CEST 2006

Sascha Lucas <slu at dmc.de> wrote:
> The users file for working peap-mschap-v2 looks this way:
> test Auth-Type := EAP, User-Password == "abc123"

  No, it doesn't.  If you did that, you didn't read the documentation.

  Don't set Auth-Type.  It's NOT necesary.

  And use := for User-Password, not ==.

> And I want it also to check for NAS-IP and NAS-Port. Doing local tests (non
> eap with radiusclient) this line works:
> test Auth-Type := Local, User-Password == "abc123", NAS-IP-Address ==
>, NAS-Port == 20

  Once again, the same comments apply.

> it dosn't work. The output of radiusd -X is at the end of this mail.

  It doesn't work because of the previous comments.

  What you've done in your configuration is to force EAP-MSCHAP-v2 to
work, and then force clear-text passwords to work.  By doing that,
you've forced all OTHER authentication methods to not work.  Then, you
tested with PEAP, and it didn't work....

  Alan DeKok.

More information about the Freeradius-Users mailing list