hi
Tiago Jose Goncalves Lages wrote: > > In my WLAN I use the Orinoco AP2000 Access Points, and they are configured > to do the authentication with a freeRadius Server using the 802.1x > protocol. The Access Point clients are WinXP and authenticate themselves > with chap password. This authentication is always rejected by the server. > When debbuging the freeRadius I get the following message: ok, what are you talking about? 802.1X does not know ANYTHING about CHAP. CHAP is a protocol written and defined for PPP whereas 802.1X defines methods in order to be able NOT to use PPP over local area networks. 802.1X only defines transport for EAP, which is much more general and represents a kind of alternative for CHAP. Do you mean EAP/MD5? In the example you've provided, you seem to use EAP/MD5 whether you are aware of it or not. > EAP-Message = "\002\206\000\n\001steve" > Message-Authenticator = 0x7cdb58060b48171b109623c2173416ac > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not > find proper Chap-Password attribute in request > modcall[authorize]: module "chap" returns noop > modcall[authorize]: module "mschap" returns notfound > rlm_realm: No '@' in User-Name = "steve", looking up realm NULL > rlm_realm: No such realm NULL > modcall[authorize]: module "suffix" returns noop > users: Matched steve at 80 > modcall[authorize]: module "files" returns ok modcall: group authorize > returns ok > rad_check_password: Found Auth-Type Local auth: type Local auth: No > User-Password or CHAP-Password attribute in the request auth: Failed to > validate the user. Delaying request 176 for 1 seconds Finished request 176 if you want to use EAP/MD5, you should configure the eap module in the authorize and authenticate sections, see the EAP/MD5 FAQ on www.freeradius.org/doc/EAP-MD5.html ciao artur -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
