EAP-MSChapv2 authentication

Christopher, Paul Paul.Christopher at xerox.com
Tue Sep 12 16:50:17 CEST 2006 

I have a device that uses EAP-MSCHAPv2 (without PEAP) for authentication. I am running freeRadius on Redhat. The device is plugged into a switch which sends the EAP request to the server. I am unable to get the device authenticated with the Radius server. In the users file should the Auth-type be local or MS-Chap? Should I be sending the authentication request to an NT domain or will the username and password in the user file be sufficient? 
Any documentation or insight would be very helpful and greatly appreciated! Below is the radius debug output.
Thanks, Paul.
 
 
 
 
 
rad_recv: Access-Request packet from host 13.138.136.68:1645, id=226, length=127        NAS-IP-Address = 13.138.136.68
        NAS-Port = 50003
        NAS-Port-Type = Ethernet
        User-Name = "tester"
        Called-Station-Id = "00-0A-B8-39-79-85"
        Calling-Station-Id = "00-00-AA-6E-78-F6"
        Service-Type = Framed-User
        Framed-MTU = 1500
        EAP-Message = 0x0201000b01746573746572
        Message-Authenticator = 0x7836b28d762411aa9dcd27ff0d70d047
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "tester", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 1 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry tester at line 82
  modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8

 
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient(s) please contact the sender by reply e-mail and destroy all copies of the original message. Thank you
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060912/5b95325f/attachment.html>

More information about the Freeradius-Users mailing list