Problems getting eap-mschapv2 working.
Ian Walker
scatmanwalks at gmail.com
Mon Sep 4 08:06:09 CEST 2006
>
> > Did you generate the certificates that are mentioned there? The one's
> that ship with the server > are expired, you have to generate your
> own certificate.
>
I generated the certificates myself, these are working fine. I can use md5
no problem, but peap complains about mschapv2.
> What version of FreeRADIUS. Version 1.1.1 fixed alot of little PEAP
> things.
> > Version 1.1.3 of course is what you should be running.
>
Using the latest version 1.1.3, compiled with all options enabled.
> Also, it looks like your actual problem is that you have re-written the
eap section... and missed > >a Paren
They are all there, checked this morning, nothing missing.
> > This is Mine. In yours you have included mschapv2 inside of PEAP. It
> is its own section,
>
> outside of the PEAP section.
I did have it like this originally, and it still didn't work.
Any ideas appreciated.
>
> ------------------------------
> *From:* freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org[mailto:
> freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org] *On
> Behalf Of *Ian Walker
> *Sent:* Friday, September 01, 2006 8:36 AM
> *To:* freeradius-users at lists.freeradius.org
> *Subject:* Problems getting eap-mschapv2 working.
>
> Been trying to get eap working with peap/mschapv2 but it doesn't seem to
> work.
>
> This is my radiusd.conf file:
>
> prefix = /usr/local
> exec_prefix = ${prefix}
> sysconfdir = ${prefix}/etc
> localstatedir = /var/run
> sbindir = ${exec_prefix}/sbin
> logdir = /var/log
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/radiusd
> log_file = ${logdir}/radius.log
> libdir = ${exec_prefix}/lib
> pidfile = ${run_dir}/radiusd.pid
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 0
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions = yes
> extended_expressions = yes
> log_stripped_names = no
> log_auth = no
> log_auth_badpass = no
> log_auth_goodpass = no
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = no
> }
>
> $INCLUDE ${confdir}/clients.conf
>
> thread pool {
> start_servers = 5
> max_servers = 32
> min_spare_servers = 3
> max_spare_servers = 10
> max_requests_per_server = 0
> }
>
> modules {
> eap {
> default_eap_type = md5
> timer_expire = 60
> md5 {
> }
> tls {
> private_key_password =
> private_key_file = /usr/local/etc/raddb/new.cert.key
> certificate_file = /usr/local/etc/raddb/new.cert.cert
> CA_file = /usr/local/etc/raddb/cacert.pem
> dh_file = /dev/urandom
> random_file = /dev/urandom
> fragment_size = 1024
> include_length = yes
> }
> peap {
> default_eap_type = mschapv2
> mschapv2 {
> authtype = mschapv2
> use_mppe = yes
> require_encryption = yes
> require_strong = yes
> }
> }
> }
>
> files {
> usersfile = ${confdir}/users
> compat = no
> }
> exec cerb {
> wait = yes
> program = "/usr/local/bin/cerbauth -e freeradius"
> input_pairs = request
> output_pairs = reply
> }
> preprocess {
> }
> }
>
> authorize {
> preprocess
> eap
> files
> }
>
> authenticate {
>
> Auth-Type eap {
> eap
> }
>
> Auth-Type CERB {
> cerb
> }
> }
>
>
> as you can see, I'm currently working with md5 and this works perfectly
> well. But when I set the client and configure the server to default for
> peap/tls, then it fails saying:
>
> "No such EAP type mschapv2"
>
> I believe if I can get passed this, that my system will authenticate with
> peap/mschapv2 successfully.
>
> Hope you can help.
>
> Regards
>
>
> Ian
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060904/0e49750c/attachment.html>
More information about the Freeradius-Users
mailing list