Freeradius 2.2.9 eap/peap problem

Mr Dini diniboy74 at gmail.com
Sun May 8 00:47:34 CEST 2016


Oh wow! :) It works if I change the Cleartext-Password to Password and I
leave the operator blank. But why? I think the Cleartext-Password is
better...
2016.05.08. 0:39, "Mr Dini" <diniboy74 at gmail.com> wrote:

> Hi!
>
> Thanks for Your quick reply!
>
> My sql config is the following:
>
> id: 1, username: guest, attribute: Cleartext-Password, op: :=, value:
> guest1234
>
> And just for testing I also created a testuser named user.
>
> But it does not work with eap (but the radtest gives me Access-accept, only
> the eap does not work)... If I create the user in the users file, and I specify
> the Auth-Type, it works. For example:
>
> testuser   Auth-Type := EAP, Cleartext-Password := "passwd"
>
> Thanks!
> 2016.05.07. 23:56, "Matthew Newton" <mcn4 at leicester.ac.uk> wrote:
>
>> On Sat, May 07, 2016 at 06:54:24PM +0200, Mr Dini wrote:
>> > At the Git page of the project You told me (my nick is MrDini) to use the
>> > older freeradius (2.2.9) in my nas. I compiled it and I set up to a mysql
>> > database, but it sends Access-reject and something like this:
>> >
>> > [peap]     TLS_accept: SSLv3 write server done A
>> > [peap]     TLS_accept: SSLv3 flush data
>> > [peap]     TLS_accept: SSLv3 read client certificate A
>> > [peap]     TLS_accept: Need to read more data: SSLv3 read client key exchange A
>> > [peap]     TLS_accept: Need to read more data: SSLv3 read client key exchange A
>>
>> That's not a problem. It's in the middle of the PEAP tunnel being
>> built. Completes around line 923.
>>
>> > Here <http://pastebin.com/TTXY4Ngd> is the full output of the radiusd -X.
>>
>> You can paste -X output directly to this list. It makes it easier
>> for everyone.
>>
>> > Is it a compile error? Or what Do You think, What is that?
>>
>> No compile problems.
>>
>> This is your problem. You've not defined the Cleartext-Password
>> anywhere (lines 1160 on):
>>
>> [mschapv2] +group MS-CHAP {
>> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
>> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
>> [mschap] Creating challenge hash with username: sqltest
>> [mschap] Client is using MS-CHAPv2 for sqltest, we need NT-Password
>> [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
>> [mschap] FAILED: MS-CHAP2-Response is incorrect
>> ++[mschap] = reject
>>
>> My guess is you need to do one or more of
>>
>>  - move "sql" from the default (outer) virtual server to the
>>    inner-tunnel; or
>>
>>  - enable "copy_request_to_tunnel" in raddb/eap peap{} section; or
>>
>>  - put the right data in the radcheck table.
>>
>> I don't touch sql much, but those should get you in roughly the
>> right area.
>>
>> There's nothing wrong with your FreeRADIUS install.
>>
>> Matthew
>>
>>
>> --
>> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>>
>> Systems Specialist, Infrastructure Services,
>> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>>
>> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>
>
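A small triage script for the kind of `radiusd -X` output discussed in this thread, added here as an illustration; it is not part of any poster's message or of FreeRADIUS itself. It separates the harmless PEAP handshake lines from the mschap reject and reports which password attributes the module could not find. The sample log is constructed from the lines quoted above, and the function name `triage` and the cause labels are this example's own.

```python
import re

# Constructed sample in the radiusd -X format quoted in this thread.
SAMPLE = """\
[peap]     TLS_accept: Need to read more data: SSLv3 read client key exchange A
[mschapv2] +group MS-CHAP {
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: sqltest
[mschap] Client is using MS-CHAPv2 for sqltest, we need NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] = reject
"""

# Optional mail-quote markers, optional "+" nesting, "[module]", then the message.
LINE = re.compile(r"^(?:>\s?)*(\++)?\[(\w+)\]\s*(.*)$")

# The three places to look, as listed in the reply quoted in this thread.
HINTS = (
    'move "sql" from the default (outer) virtual server to the inner-tunnel',
    'enable "copy_request_to_tunnel" in the peap{} section',
    "put the right data in the radcheck table",
)

def triage(text):
    """Summarise mschap rejects and count benign PEAP handshake lines."""
    benign, rejects, user, missing = 0, [], None, set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        plus, module, msg = m.groups()
        if module == "peap" and "Need to read more data" in msg:
            benign += 1          # tunnel still being built, not an error
        elif module == "mschap":
            if (hit := re.search(r"Cannot create (LM|NT)-Password", msg)):
                missing.add(hit.group(1))
            elif (hit := re.search(r"username: (\S+)", msg)):
                user = hit.group(1)
            elif plus and msg == "= reject":
                # Cause labels are this example's own, not FreeRADIUS terms.
                cause = "missing-password" if missing else "bad-response"
                rejects.append({"user": user, "missing": sorted(missing), "cause": cause})
                user, missing = None, set()
    return {"benign_tls": benign, "rejects": rejects}

if __name__ == "__main__":
    for r in triage(SAMPLE)["rejects"]:
        print(r)
        if r["cause"] == "missing-password":
            print("check:", *HINTS, sep="\n  - ")
```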

