FreeRadius 2.1.1 with PEAP- EAP-MD5

tnt at kalik.net tnt at kalik.net
Thu Nov 6 10:50:37 CET 2008


Error is earlier in the debug. Post the whole thing and I'll point it
out. I think that this is a bug.

Ivan Kalik
Kalik Informatika ISP


Dana 6/11/2008, "Queenie de Melo" <queenie245 at gmail.com> piše:

>Hi All,
>
>I have been trying to configure PEAP with EAP -MD5 but i juat cannot get it
>to work.
>
>TTLS with EAP -MD5 workes fine.
>Also PEAP with Token card(gtc) and MSCHAPv2 works fine.
>
>What I tried is...
>1. When I *comment out MSCHAPv2* in the eap.conf file and I try with the
>client being in PEAP EAP-MSCHAPv2, then I get a REJECT as below.
>2.When I *comment out MD5* in the eap.conf file and try with the client
>being in PEAP EAP MD5, then I get the same REJECT message as below
>3. When *I dont comment out MD5(MD5 is enabled)* in the eap.conf file and
>try with the client being in PEAP EAP MD5, then I get the same REJECT
>message as below
>
>In all the above three cases, I seem to be getting the same Reject message
>as below:
>
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "queenie", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 9 length 72
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>[peap] eaptls_verify returned 7
>[peap] Done initial handshake
>[peap] eaptls_process returned 7
>[peap] EAPTLS_OK
>[peap] Session established.  Decoding tunneled attributes.
>[peap] Received EAP-TLV response.
>[peap]  Had sent TLV failure.  User was rejected earlier in this session.
>[eap] Handler failed in EAP/peap
>[eap] Failed in EAP select
>++[eap] returns invalid
>Failed to authenticate the user.
>Using Post-Auth-Type Reject
>+- entering group REJECT {...}
>[attr_filter.access_reject]     expand: %{User-Name} -> queenie
> attr_filter: Matched entry DEFAULT at line 11
>++[attr_filter.access_reject] returns updated
>Delaying reject of request 8 for 1 seconds
>Going to the next request
>Waking up in 0.9 seconds.
>Sending delayed reject for request 8
>Sending Access-Reject of id 9 to 192.168.5.200 port 1024
>        EAP-Message = 0x04090004
>        Message-Authenticator = 0x00000000000000000000000000000000
>Waking up in 3.5 seconds.
>Cleaning up request 0 ID 1 with timestamp +79
>Cleaning up request 1 ID 2 with timestamp +79
>Cleaning up request 2 ID 3 with timestamp +79
>Cleaning up request 3 ID 4 with timestamp +79
>Waking up in 0.2 seconds.
>Cleaning up request 4 ID 5 with timestamp +79
>Cleaning up request 5 ID 6 with timestamp +79
>Cleaning up request 6 ID 7 with timestamp +79
>Cleaning up request 7 ID 8 with timestamp +79
>Waking up in 1.0 seconds.
>Cleaning up request 8 ID 9 with timestamp +79
>Ready to process requests.
>
>*Is it possible that in the eap.conf file, the MD5 does not get enabled
>under PEAP? Cause MD5 does work fine with TTLS for me. *
>
>Pl help!
>
>Regards,
>Queenie
>
>




More information about the Freeradius-Users mailing list