Need help with EAP-MSCHAPv2 config
Alan DeKok
aland at deployingradius.com
Tue Feb 11 02:40:17 CET 2020
On Feb 10, 2020, at 8:31 PM, Yongqiang He <thehyq at gmail.com> wrote:
>
> Here is full output with error connecting from the real client.
As I suggested, there's no call to the "sql" module when the client is doing EAP-MSCHAPv2.
> (12) eap: No EAP Start, assuming it's an on-going EAP conversation
> (12) [eap] = updated
> (12) } # authorize = updated
It stops here...
When the server receives just MS-CHAPv2, we see:
> (13) [eap] = noop
> (13) [files] = noop
> (13) sql: EXPAND %{User-Name}
> (13) sql: --> testing
See? It calls "files" and "sql" after "eap".
You'll have to edit the "default" virtual server:
# The "updated" check is commented out for compatibility with
# previous versions of this configuration, but you may wish to
# uncomment it as well; this will further reduce the number of
# LDAP and/or SQL queries for TTLS or PEAP.
#
eap {
ok = return
# updated = return
}
The above lines are in the default configuration. They work. You uncommented the "updated = return" line, which broke EAP-MSCHAPv2.
Comment out that line again. Return it to the default configuration, and it will work.
Alan DeKok.
More information about the Freeradius-Users
mailing list