FR 2.0.3, WinXP, PEAP and mschapv2
Michael Schwartzkopff
misch at multinet.de
Fri Apr 4 09:17:55 CEST 2008
Hi,
I have a problem configuring wireless 802.1x authentication with FR and a
Windows client. I use version FR 2.0.3 and think I configured everything
quite well.
FR sends out the Access-Challenge but my windows client does not answer it. I
recreated the default certificates to be sure that the necessary OIDs (see
xpextensions) are included. But still no success. Any idea? Thanks.
--
Config:
# Module instances as excerpted from radiusd.conf by the poster. The closing
# brace of this section is not part of the excerpt.
modules {
# PAP instance; automatic detection of password-hash header prefixes is off.
pap {
auto_header = no
}
# CHAP instance, bound to the Auth-Type name CHAP.
chap {
authtype = CHAP
}
# PAM instance; pam_auth names the PAM service used for authentication.
pam {
pam_auth = radiusd
}
# System account lookups; radwtmp is the file that receives login records.
unix {
radwtmp = ${logdir}/radwtmp
}
# Pulls in the EAP module configuration (the eap { } section quoted below).
$INCLUDE eap.conf
# MS-CHAP instance, bound to the Auth-Type name MS-CHAP. The instance name
# defined here is "mschap"; this is the name other sections must use to call it.
mschap {
authtype=MS-CHAP
# Return MPPE keying attributes to the NAS.
use_mppe=yes
# With MPPE enabled, tell the NAS that encryption is required.
require_encryption = yes
# Require 128-bit keys rather than allowing weaker ones.
require_strong = yes
}
# Loads every file in sites-enabled/ as server configuration, so the directory
# should be writable only by the account that administers the server.
$INCLUDE sites-enabled/
eap.conf:
# EAP module configuration: the outer settings followed by one sub-section per
# enabled EAP method. Every method with a sub-section here can be negotiated.
eap {
# Method the server offers first when nothing else selects one.
default_eap_type = peap
# Seconds an outstanding EAP request is kept before its state is discarded.
timer_expire = 60
# Reject, rather than pass on, requests for EAP types not configured here.
ignore_unknown_eap_types = no
# Workaround for an access-point firmware bug; disabled.
cisco_accounting_username_bug = no
# EAP-MD5 is enabled. It gives no server authentication and no keying
# material, so it is unsuitable for wireless; remove it if no client needs it.
md5 {
}
# LEAP is enabled. Its exchange is open to offline dictionary attack; remove
# it unless legacy clients depend on it.
leap {
}
# EAP-GTC: the cleartext response is handed to the PAP Auth-Type for checking.
gtc {
auth_type = PAP
}
# TLS settings shared by the TLS-based methods (the ttls and peap sections below).
tls {
certdir=/usr/local/etc/raddb/certs
cadir=/usr/local/etc/raddb/certs
# NOTE(review): this looks like the value shipped in the sample configuration.
# Use a unique passphrase in any real deployment, keep this file and server.pem
# readable only by the radiusd account, and redact the value before posting.
private_key_password = whatever
# Private key and server certificate are read from the same PEM file.
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
# CA certificate for the server's chain. NOTE(review): a supplicant that
# validates the server certificate must already trust this CA; if it does not,
# it may silently drop the exchange - confirm on the client.
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
# OpenSSL's default cipher set; narrow it if weak suites must be excluded.
cipher_list = "DEFAULT"
# Runs the bootstrap script that generates test certificates. Intended for
# initial testing only; remove it once certificates from a managed CA are in place.
make_cert_command = "${certdir}/bootstrap"
}
# EAP-TTLS: inner method defaults to EAP-MD5, which is protected only by the
# outer TLS tunnel and therefore by the client's validation of the server cert.
ttls {
default_eap_type = md5
# Outer request attributes are not copied into the tunnelled request.
copy_request_to_tunnel = no
# Reply attributes from the inner session are not used for the outer reply.
use_tunneled_reply = no
# Inner requests are processed by the "inner-tunnel" virtual server, whose
# configuration is not included in this post.
virtual_server = "inner-tunnel"
}
# PEAP: no inner default_eap_type is set here, so the built-in default applies
# (presumably mschapv2 - confirm against the shipped eap.conf).
peap {
copy_request_to_tunnel = no
use_tunneled_reply = no
# Same inner virtual server as ttls; its authorize/authenticate sections
# decide how the inner MSCHAPv2 exchange is checked.
virtual_server = "inner-tunnel"
}
# EAP-MSCHAPv2 sub-method, needed for the PEAP inner exchange with Windows clients.
mschapv2 {
}
}
sites-enabled/default.conf
# Authorization for the default virtual server. Modules run in the order
# listed; each may set Auth-Type or add the reference password for the request.
authorize {
preprocess
chap
mschap
# Realm handling based on the user-name suffix.
suffix
# While an EAP conversation is in progress eap returns ok; "ok = return" then
# ends this section at once, so the modules below are skipped for those packets.
eap {
ok = return
}
unix
files
expiration
logintime
# Listed last so that it sees any password the modules above supplied.
pap
}
# Authentication for the default virtual server: the section matching the
# Auth-Type chosen during authorize is the one that runs.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
# NOTE(review): the modules section in this post defines an instance named
# "mschap"; "mschapv2" appears only as an EAP sub-type inside eap { }. Unless an
# instance with that name is defined elsewhere, this reference will not resolve
# - confirm and use the instance name from modules { }.
Auth-Type MS-CHAP {
mschapv2
}
unix
# Handles the EAP conversation (for PEAP, the outer TLS exchange).
eap
}
Thanks for any hint.
Michael Schwartzkopff