freeradius 2.0.4 and peap

Ivan Kalik tnt at kalik.net
Fri May 2 14:01:21 CEST 2008


You have experlty deleted all the relevant information from the debug and
your configuration. Post the complete debug.

Ivan Kalik
Kalik Informatika ISP


Dana 2/5/2008, "Manuel Sánchez Cuenca" <msc at dif.um.es> piše:

>Hello all,
>
>I have installed freeradius 2.0.4 and now I'm trying to configure peap.
>
>When I try to connect using a Windows XP laptop, the server rejects the
>user.
>
>The log shows this information:
>
>  rlm_eap: processing type mschapv2
>+- entering group MS-CHAP
>  rlm_mschap: No Cleartext-Password configured.  Cannot create LM-Password.
>  rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
>  rlm_mschap: Told to do MS-CHAPv2 for lolo with NT-Password
>  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>++[mschap] returns reject
>  rlm_eap: Freeing handler
>++[eap] returns reject
>auth: Failed to validate the user.
>Login incorrect: [lolo/<via Auth-Type = EAP>] (from client dame-ap port
>0 via TLS tunnel)
>  PEAP: Tunneled authentication was rejected.
>
>
>The configuration files are the following:
>
>* eap.conf
>
>        eap {
>              default_eap_type = peap
>              . . .
>              tls {
>                        private_key_password = srvpwd
>                        private_key_file = ${certdir}/server.pem
>                        certificate_file = ${certdir}/server.pem
>                        CA_file = ${cadir}/ca.pem
>                        . . .
>               }
>               peap {
>                        default_eap_type = mschapv2
>                        copy_request_to_tunnel = no
>                        use_tunneled_reply = no
>                        virtual_server = "inner-tunnel"
>                }
>                mschapv2 {
>                }
>
>
>* users
>         lolo     Cleartext-Password := "password"
>
>* sites-enabled/default
>          authorize {
>              eap {
>                  ok = return
>              }
>              ...
>         }
>         authenticate {
>             eap
>              ...
>         }
>          ...
>
>Can anybody help me?
>
>Thanks in advance.
>
>-- 
>-----------------------------
>Manuel Sanchez Cuenca
>Departamento de Ingenieria de la Informacion y las Comunicaciones
>Departamento de Ingeniería y Tecnología de Computadores
>Facultad de Informatica. Universidad de Murcia
>Campus de Espinardo - 30080 Murcia (SPAIN)
>Tel.: +34-968-364644    Fax: +34-968-364151
>email: msc at dif.um.es  |  manuelsc at um.es
>url: http://webs.um.es/manuelsc
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list