Fwd: Freeradius 2.2.9 eap/peap problem

Matthew Newton mcn4 at leicester.ac.uk
Sat May 7 23:56:31 CEST 2016

On Sat, May 07, 2016 at 06:54:24PM +0200, Mr Dini wrote:
> At the Git page of the project You told me (my nick is MrDini) to use the
> older freeradius (2.2.9) in my nas. I compiled it and I set up to a mysql
> database, but it sends Access-reject and something like this:
> [peap]     TLS_accept: SSLv3 write server done A
> [peap]     TLS_accept: SSLv3 flush data
> [peap]     TLS_accept: SSLv3 read client certificate A
> [peap]     TLS_accept: Need to read more data: SSLv3 read client key
> exchange A
> [peap]     TLS_accept: Need to read more data: SSLv3 read client key
> exchange A

That's not a problem. It's in the middle of the PEAP tunnel being
built. Completes around line 923.

> Here <http://pastebin.com/TTXY4Ngd> is the full output of the radiusd -X.

You can paste -X output directly to this list. It makes it easier
for everyone.

> Is it a compile error? Or what Do You think, What is that?

No compile problems.

This is your problem. You've not defined the Cleartext-Password
anywhere (lines 1160 on):

[mschapv2] +group MS-CHAP {
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: sqltest
[mschap] Client is using MS-CHAPv2 for sqltest, we need NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] = reject

My guess is you need to do one or more of

 - move "sql" from the default (outer) virtual server to the
   inner-tunnel; or

 - enable "copy_request_to_tunnel" in raddb/eap peap{} section; or

 - put the right data in the radcheck table.

I don't touch sql much, but those should get you in roughly the
right area.

There's nothing wrong with your FreeRADIUS install.


Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list