FreeRADIUS Issue -

Nandkumar Palkar nkpalkar at gmail.com
Tue Oct 16 09:09:14 CEST 2012


Hi Alan,

My configuration details:

1. my configuration is - EAP, TTLS, LDAP, Perl

2. Sending "username + OTP" and "LDAP password" as input credentials

3. Virtual servers are: "Default" and "inner-tunnel"
*Authorize:*
preprocess
chap
mschap
suffix
eap {
    ok = return
  }
perl
files
ldap
pap

*Authenticate:*

Auth-Type PAP {
    pap
}
Auth-Type CHAP {
    chap
}
Auth-Type MS-CHAP {
    mschap
}
Auth-Type EAP {
    perl
    eap
}

4. Perl module is calling script "example.pl", in this "Authorize" section
of script I'm separating username and OTP and sending OTP for validation.
=> Result = Succeed

5. LDAP uses username from perl module and goes for authentication =>
Result = Succeed

6. In Authentication section of Virtual servers:
Perl module script "authentication section" sets the original username, i.e.
"username + otp", again to the "User-Name" attribute and then proceeds to the EAP
auth-type.
Auth-Type EAP{
    perl
    eap
  }
=> *Result = Failed*

Found Auth-Type = MSCHAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: user1vvtntkjkckvediucfvvrcneucuklvdecturjdjfkgnrg
[mschap] Told to do MS-CHAPv2 for user1vvtntkjkckvediucfvvrcneucuklvdecturjdjfkgnrg with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.

Please help.

Thanks and best regards,
Nand.


On Mon, Oct 15, 2012 at 8:01 PM, Alan DeKok <aland at deployingradius.com> wrote:

> Nandkumar Palkar wrote:
> > Hi Alan,
> >
> > I'm facing the issue with configuration EAP-TTLS, LDAP and Perl and
> > using test client as "eapol_test".
> >
> > Please find the debug logs below:
>
>   You need to read it.  It isn't hard.
>
>   You highlighted in red the *wrong* piece.  Look at the debug messages
> before that.
>
>   Alan DeKok.



-- 

Regards,

Nandkumar Palkar
Mob: 9967024237