Active directory and MS-CHAP Authentication.

Phil Mayers p.mayers at imperial.ac.uk
Wed May 10 11:20:40 CEST 2006


Antonio Matera wrote:
> Hallo, thanks for your answer.
> Now I post all my configuration and log, in this way I suppose that is 
> much easy understand my problem.
> 
> 
> my eap.conf file is:

Your eap.conf is irrelevant because...

> 
> authorize {
>     preprocess
>     mschap
>     suffix
>     #eap
>     files
> }

...you've disabled eap by commenting it out.

Why do people insist on breaking the server? Start with the default 
config and make small changes to work towards what you need. Making 
massive changes without understanding the consequences just breaks it.

> 
> 
> authenticate {
> 
>     Auth-Type CHAP {
>         chap
>     }
>     Auth-Type MS-CHAP {
>         mschap
>     }
> 
>     Auth-Type LDAP {
>         ldap
>     }
> 
>     #eap
> }
> 
> 
> I don't know if I have to insert in the authorize and authenticate 
> module eap. Whitout it I have this log:

Of course you do. How else would EAP work?

> 
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.20.4:1645, id=93, 
> length=180
>     User-Name = "create-net\\antonio"
>     Framed-MTU = 1400
>     Called-Station-Id = "0012.dacb.8420"
>     Calling-Station-Id = "000c.f135.f1ba"
>     Cisco-AVPair = "ssid=cn-test"
>     Service-Type = Login-User
>     Message-Authenticator = 0x2f697be434714d8586f8cc481b01874f
>     EAP-Message = 0x02010017016372656174652d6e65745c616e746f6e696f

...and since this is an EAP request, you need eap to work.

This really isn't that hard...



More information about the Freeradius-Users mailing list