Freeradius + PEAP.. stuck on validating identity..
Alan DeKok
aland at deployingradius.com
Thu Apr 1 17:57:41 CEST 2010
Bruno Kremel wrote:
> I am posting full log with first is radtest accepted and others are
> failed login from wifi client with 2 different accounts...
>
> FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Mar 29
> 2010 at 15:58:09
You should probably upgrade to 2.1.8. It has a lot of fixes and
features over 2.0.4.
> server inner-tunnel {
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> rlm_realm: No '@' in User-Name = "123", looking up realm NULL
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> rlm_eap: EAP packet type response id 8 length 62
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
And no "sql". Edit raddb/sites-available/inner-tunnel, and add "sql"
to the "authorize" section. It's already there, so you likely just have
to uncomment it.
> rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for 123 with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Yup. No "known good" password means no authentication.
You could also try: http://networkradius.com/freeradius.html
This lets you cut and paste the debug output into a form. The response
is a colorized HTML page indicating common errors, and things you should
look into. It won't catch this problem, but it will highlight the fact
that there was no "known good" password for the user.
Alan DeKok.
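
The check described in the reply above can be scripted. The following is an added example, not part of the original message and not FreeRADIUS code: it reads debug output, lists which expected modules never ran in the inner-tunnel "authorize" section, and collects the rlm_mschap password errors. The names `analyze` and `PASSWORD_SOURCES` and the choice of return codes that count as "found a password" are assumptions; the sample lines are copied from the log quoted in this thread.

```python
import re

SERVER_RE = re.compile(r"^server (\S+) \{$")
GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)$")
# Assumption: modules treated here as possible sources of a "known good" password.
PASSWORD_SOURCES = {"files", "sql", "ldap", "unix"}

# Sample input: debug lines copied from the log quoted in this thread.
SAMPLE = """\
server inner-tunnel {
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[suffix] returns noop
++[control] returns noop
++[eap] returns updated
++[files] returns noop
++[pap] returns noop
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for 123 with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
"""


def analyze(debug_text, server="inner-tunnel", expected=("sql",)):
    """Report which expected modules never ran in <server>'s authorize section."""
    cur_server = cur_group = None
    ran = {}          # module name -> return code, authorize section only
    mschap_errors = []
    for raw in debug_text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()   # drop e-mail quote markers
        if m := SERVER_RE.match(line):
            cur_server, cur_group = m[1], None
        elif m := GROUP_RE.match(line):
            cur_group = m[1]
        elif m := MODULE_RE.match(line):
            if cur_server == server and cur_group == "authorize":
                ran[m[1]] = m[2]
        elif line.startswith("rlm_mschap:") and (
                "FAILED" in line or "No Cleartext-Password" in line):
            mschap_errors.append(line)
    return {
        "missing": [mod for mod in expected if mod not in ran],
        "no_password_source": not any(
            ran.get(mod) in ("ok", "updated") for mod in PASSWORD_SOURCES),
        "mschap_errors": mschap_errors,
    }
```

Calling `analyze(SAMPLE)` reports "sql" as missing from the authorize section and no password source having matched, which is the condition the reply points at.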