freeradius 1.1.4 + LDAP + PEAP/mschapv2

[Baptiste Delporte]

Hi all !

After installing Freeradius 1.1.4, I am trying to set it up to 
authenticate users with a LDAP database using PEAP + eap/mschapv2.

Freeradius seems to work fine for most users, but for a few people I get 
this error in my log file :

/Mon Feb 19 09:30:07 2007 : Info: rlm_eap_tls:  Length Included
Mon Feb 19 09:30:07 2007 : Error:     TLS_accept:error in SSLv3 read 
client certificate A
Mon Feb 19 09:30:07 2007 : Error: rlm_eap: SSL error 
error:00000000:lib(0):func(0):reason(0)
Mon Feb 19 09:30:07 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon Feb 19 09:30:07 2007 : Info: rlm_eap_tls:  Length Included
Mon Feb 19 09:30:07 2007 : Info:     (other): SSL negotiation finished 
successfully
Mon Feb 19 09:30:07 2007 : Error: rlm_eap: SSL error 
error:00000000:lib(0):func(0):reason(0)
Mon Feb 19 09:30:07 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon Feb 19 09:30:07 2007 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Feb 19 09:30:08 2007 : Error: rlm_mschap: Invalid LM-Password
Mon Feb 19 09:30:08 2007 : Error: rlm_mschap: Invalid NT-Password
Mon Feb 19 09:30:08 2007 : Auth: Login incorrect: [********]

/Authentication works perfectly with the same config files (eap.conf, 
radiusd.conf,users...) with an older version (1.0.1 and even 1.1.3) of 
freeradius on the same server.

I've made tests with EAP-TTLS, and in that case authentication also 
works fine for everyone.

In both cases, I get this line when I run freeradius in debug mode :

/rlm_pap: WARNING! No "known good" password found for the user.  
Authentication may fail because of this.

/And I can't find if there's a link between that warning and the 
authentication failure for some of my users.

Thanks for your help.


-- 
Ce message a été vérifié par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a été trouvé.
MailScanner remercie transtec pour son soutien.