Cisco AP, mysql, either MSCHAP or Auth-Type problem I think
Ivan Kalik
tnt at kalik.net
Thu Mar 27 13:43:49 CET 2008
It looks like you haven't configured sql (and password is in the
database).
Ivan Kalik
Kalik Informatika ISP
On 27/3/2008, "Mikael Syska" <mikael at syska.dk> wrote:
>Hi,
>
>Thanks, that seemed to get me a bit further to the end .... now I got this:
>+----+----------+--------------------+----+-------+
>| id | username | attribute | op | value |
>+----+----------+--------------------+----+-------+
>| 2 | 44 | Cleartext-Password | := | 4444 |
>+----+----------+--------------------+----+-------+
>
>Here is where it's failing:
>++[eap] returns updated
>++[files] returns noop
>++[expiration] returns noop
>++[logintime] returns noop
>++[pap] returns noop
> WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
>Cancelling invalid proxy request.
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>+- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
>+- entering group MS-CHAP
> rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for 44 with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>++[mschap] returns reject
> rlm_eap: Freeing handler
>++[eap] returns reject
>auth: Failed to validate the user.
>Login incorrect: [44/<via Auth-Type = EAP>] (from client ap30 port 0)
> PEAP: Tunneled authentication was rejected.
> rlm_eap_peap: FAILURE
>++[eap] returns handled
> EAP-Message =
>0x010b002b190017030100206f04599b56f9940737b9c497b35f5f64e78bceb46ce824932fe2d58d5d3850de
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5856f36f505dea9c1496d5ca0872b221
>Finished request 20.
>Going to the next request
>Waking up in 3.9 seconds.
>
>So ... what do I need to set ... I'm not sure where I can read about
>this, so this mailing list is my only hope ... :-) Maybe it's something
>about what Alan wrote:
>
>>hi,
>>
>>trying to authenticate Vista against a plain password? PEAP doesn't
>>work like this. you could put an NThash into the database instead..
>>or try using SecureW2 or other a supplicant that does EAP-TTLS/PAP
>>alan
>
>But I'm not sure ... it's still all very new to me ...
>
>If you need more information, just say so ... and I will get it.
>
>best regards
>Mikael Syska
>
>On Thu, Mar 27, 2008 at 6:38 AM, Alan DeKok <aland at deployingradius.com> wrote:
>> Mikael Syska wrote:
>> > I'm using default setup, only uncomment the sql in the default "sites-enabled"
>> >
>> > Running version: 2.0.3
>>
>> I think you have to copy "sites-available/inner-tunnel" from the tar
>> file to /etc/raddb. It isn't installed by default in 2.0.3, but it *is*
>> referenced. Sorry...
>>
>> This is fixed in CVS head.
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>
>
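The quoted debug output shows why `rlm_mschap` had nothing to check against: no `[sql]` line appears among the modules that ran before `rad_check_password`. The script below is an added example, not part of the original thread or of FreeRADIUS; the function name `diagnose`, the `password_modules` parameter and the rule that only `ok`/`updated` count as a successful lookup are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed excerpt of the debug output quoted in the message.
SAMPLE_DEBUG = """\
>++[eap] returns updated
>++[files] returns noop
>++[expiration] returns noop
>++[logintime] returns noop
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type EAP
>+- entering group authenticate
>+- entering group MS-CHAP
>  rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
>  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>++[mschap] returns reject
"""

# "++[module] returns rcode", optionally behind mail-quote markers.
MODULE_RE = re.compile(r"^[>\s]*\++\[([\w.-]+)\] returns (\w+)")
NO_PW_RE = re.compile(r"rlm_mschap: .*No (Cleartext-Password|NT/LM-Password)")

def diagnose(debug_text, password_modules=("sql",)):
    """Return (authorize_modules, mschap_missing_password, findings)."""
    authorize, in_authorize, missing_pw, findings = [], True, False, []
    for line in debug_text.splitlines():
        if "entering group authorize" in line:
            authorize, in_authorize = [], True      # a new request begins
        elif "rad_check_password" in line or "entering group authenticate" in line:
            in_authorize = False                    # authorize phase is over
        m = MODULE_RE.match(line)
        if m and in_authorize:
            authorize.append((m.group(1), m.group(2)))
        if NO_PW_RE.search(line) and not missing_pw:
            missing_pw = True
            results = dict(authorize)
            for mod in password_modules:
                if mod not in results:
                    findings.append(f"{mod}: not called in authorize")
                elif results[mod] not in ("ok", "updated"):  # assumed success codes
                    findings.append(f"{mod}: ran but returned {results[mod]}")
    return authorize, missing_pw, findings

if __name__ == "__main__":
    mods, missing, notes = diagnose(SAMPLE_DEBUG)
    print("authorize ran:", [name for name, _ in mods])
    print("mschap missing password:", missing, "|", notes)
```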