Need help with EAP-MSCHAPv2 config

Yongqiang He thehyq at gmail.com
Tue Feb 11 03:11:30 CET 2020


Wow! It works now! Thank you so much, Alan!

On Mon, Feb 10, 2020 at 5:40 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Feb 10, 2020, at 8:31 PM, Yongqiang He <thehyq at gmail.com> wrote:
> >
> > Here is full output with error connecting from the real client.
>
>   As I suggested, there's no call to the "sql" module when the client is
> doing EAP-MSCHAPv2.
>
> > (12) eap: No EAP Start, assuming it's an on-going EAP conversation
> > (12)     [eap] = updated
> > (12)   } # authorize = updated
>
>   It stops here...
>
>   When the server receives just MS-CHAPv2, we see:
>
> > (13)     [eap] = noop
> > (13)     [files] = noop
> > (13) sql: EXPAND %{User-Name}
> > (13) sql:    --> testing
>
>   See?  It calls "files" and "sql" after "eap".
>
>   You'll have to edit the "default" virtual server:
>
>         #  The "updated" check is commented out for compatibility with
>         #  previous versions of this configuration, but you may wish to
>         #  uncomment it as well; this will further reduce the number of
>         #  LDAP and/or SQL queries for TTLS or PEAP.
>         #
>         eap {
>                 ok = return
> #               updated = return
>         }
>
>   The above lines are in the default configuration.  They work.  You
> uncommented the "updated = return" line, which broke EAP-MSCHAPv2.
>
>   Comment out that line again.  Return it to the default configuration,
> and it will work.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list