Alan Buxey A.L.M.Buxey at
Mon Apr 26 15:37:06 CEST 2010


> Info: ++[mschap] returns ok
> Debug: MSCHAP Success
> ----
> So i assume that the auth. against AD is OK

not if you havent done the EAP inner-tunnel stuff yet - unless you mean
basic authorize has completed.

> but then the inner tunnel does something....

well, it tries to

> Mon Apr 26 12:32:15 2010 : Info: [peap] Got tunneled Access-Challenge
> Mon Apr 26 12:32:15 2010 : Info: ++[eap] returns handled
> Sending Access-Challenge of id 0 to port 2051
>         EAP-Message =
> 0x0107005b19001703010050154c3b195ed5a3fa88fd21477529cf86ee7d1d98cf8eb918036ac8aa14cd6f8c66a1836e9ab27087ad7df766d20447dbce1247b6a9ccf6b4376d854978db210db60f9b3578592123a4c5d43a205e8f79
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x3b975d133d90441898602b7c0076958a

it sends a challenge back to the NAS/AP - but nothign else is happening.....
so, either the NAS or the client.  how have you got the AP set up? 802.1X or
WPA-Enterprise? how is the client configured?  to use PEAP/MSCHAPv2 or EAP-TTLS/MSCHAPv2?
got the required certificate installed on the client?


More information about the Freeradius-Users mailing list