Getting PEAP/MSChap-v2 working with Cisco AP1231G Access points.
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Fri Sep 14 15:16:37 CEST 2007
Hi,
> I have been using FreeRADIUS for some time now to do simple MAC
> authentication for the original implementation of our wireless network.
> This of course was a temporary solution and I am trying to move all of the
> users over to PEAP Authentication.
okay. you'd be much better off with recent version of the server/daemon..but
still.
by the looks of it, almost everything is fine - barring the final check
of the use r- HOW are you attempting to authorise the users? I ask because
the main issue i see from debug is
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 8
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for C12660 with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns reject for request 8
> modcall: leaving group MS-CHAP (returns reject) for request 8
> rlm_eap: Freeing handler
this means the inner tunnel part of the PEAP (MSCHAPv2) is failing because
it knows not the way of dealing with the password supplied (if any!)
so, you can either put a password into a DB or plain file (users) or
you can use eg ntlm_auth to so a challenge response check
alan
More information about the Freeradius-Users
mailing list