PEAP MSCHAPv2 error..
Mark Holmes
mark.holmes at nuffield.ox.ac.uk
Wed Feb 9 19:02:34 CET 2011
Thanks, Alan - got it fixed now.
On 8 Feb 2011, at 21:15, "Alan Buxey" <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> Entered bob as username, testing123 as password
>>
>> I get No such realm 'NULL'
>>
>> So added
>>
>> ---------------------
>> realm test {
>> authhost = LOCAL
>> accthost = LOCAL
>> }
>
> realm LOCAL {
> }
>
> realm NULL {
> }
>
>
>> Now I get rejected - the following from the debug output looks relevant
>
> what is your 'users' entry file like for bob?
>
>> [mschapv2] +- entering group MS-CHAP {...}
>> [mschap] Told to do MS-CHAPv2 for bob at test with NT-Password
>> [mschap] FAILED: MS-CHAP2-Response is incorrect
>
> have you edited the modules/mschap file?
>
> mschap {
>
> use_mppe = yes
> require_encryption = yes
> require_strong = yes
> with_ntdomain_hack = yes
> #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --chal
> lenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
>
> }
>
> do you fire off
>
> preprocess
> suffix
> ntdomain
>
> in that order, in the authorize section of inner-tunnel?
>
>> I'm doing something silly, no doubt - but what? Should this config just work out of the box?
>
> it should do....I'm sure I've recently (sept last year) got a fresh 2.1.x server and slapped
> SoH patches on and it just worked with Win7 client
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list