Need help with EAP-MSCHAPv2 config
Yongqiang He
thehyq at gmail.com
Tue Feb 11 03:11:30 CET 2020
Wow! It works now! Thank you so much, Alan!
On Mon, Feb 10, 2020 at 5:40 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Feb 10, 2020, at 8:31 PM, Yongqiang He <thehyq at gmail.com> wrote:
> >
> > Here is full output with error connecting from the real client.
>
> As I suggested, there's no call to the "sql" module when the client is
> doing EAP-MSCHAPv2.
>
> > (12) eap: No EAP Start, assuming it's an on-going EAP conversation
> > (12) [eap] = updated
> > (12) } # authorize = updated
>
> It stops here...
>
> When the server receives just MS-CHAPv2, we see:
>
> > (13) [eap] = noop
> > (13) [files] = noop
> > (13) sql: EXPAND %{User-Name}
> > (13) sql: --> testing
>
> See? It calls "files" and "sql" after "eap".
>
> You'll have to edit the "default" virtual server:
>
> # The "updated" check is commented out for compatibility with
> # previous versions of this configuration, but you may wish to
> # uncomment it as well; this will further reduce the number of
> # LDAP and/or SQL queries for TTLS or PEAP.
> #
> eap {
> ok = return
> # updated = return
> }
>
> The above lines are in the default configuration. They work. You
> uncommented the "updated = return" line, which broke EAP-MSCHAPv2.
>
> Comment out that line again. Return it to the default configuration,
> and it will work.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list