Lefteris St <[EMAIL PROTECTED]> wrote:
> I noticed someone else having from with TLV I am not
> sure what that is, but I got a
>
> rlm_eap_peap: Had sent TLV failure, rejecting.
>
> Any hints there?

PLEASE read the ENTIRE debugging output. I know it's large, but it's the ONLY WAY to see what's going on. In this case, we have:

> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Proceeding to decode tunneled attributes.
>
> rlm_eap_peap: Identity - tester4
> rlm_eap_peap: Tunneled data is valid.
> PEAP: Got tunneled EAP-Message
> EAP-Message = 0x0207000c0174657374657234
> PEAP: Got tunneled identity of tester4
> PEAP: Setting default EAP type for tunneled EAP session.
> PEAP: Sending tunneled request
> EAP-Message = 0x0207000c0174657374657234
> Freeradius-Proxied-To = 127.0.0.1
> User-Name = "tester4"

So the tunneled data is OK. A little while later, we see:

> modcall: entering group authenticate for request 7
> rlm_eap: EAP Identity
> rlm_eap: No such EAP type 26

Which would appear to be a problem. It continues with:

> modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: group authenticate returns invalid for request 7
> auth: Failed to validate the user.
> PEAP: Got tunneled reply RADIUS code 3
> EAP-Message = 0x04070004
> Message-Authenticator = 0x00000000000000000000000000000000
> PEAP: Tunneled authentication was rejected.
> rlm_eap_peap: FAILURE

Which would appear to mean that the authentication failed. Much later, we see the message you were concerned about. Again, reading only the LAST few lines of the debugging output is insufficient.

The problem is that you told the server to do EAP-PEAP, but you did *not* enable the 'mschapv2' sub-module for 'eap'. The default configuration shipped with the server DOES enable this by default. Please don't change it.

Alan DeKok.
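
An added example, not part of the original post or of FreeRADIUS: a Python script that decodes the EAP-Message values quoted in the reply and reports the earliest failure line in a debug log instead of the last one. The function names, the failure patterns and the short type table are assumptions of this example; the sample lines are copied from the debug output quoted above.

```python
import re
import struct

# EAP codes (RFC 3748) and a few method numbers from the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAPv2"}

# Lines copied from the debug output quoted in the post.
SAMPLE = "\n".join([
    "EAP-Message = 0x0207000c0174657374657234",
    "rlm_eap: EAP Identity",
    "rlm_eap: No such EAP type 26",
    'modcall[authenticate]: module "eap" returns invalid for request 7',
    "PEAP: Tunneled authentication was rejected.",
    "rlm_eap_peap: Had sent TLV failure, rejecting.",
])

# Failure patterns chosen for this example (assumption, not a FreeRADIUS list).
FAIL = re.compile(r"No such EAP type (\d+)|returns (?:invalid|reject)"
                  r"|Failed to validate|was rejected|FAILURE")

def decode_eap(hex_value):
    """Decode an EAP-Message attribute printed as 0x... hex in debug output."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a Type byte
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:]
    return pkt

def first_failure(debug_text):
    """Return (line_no, line, hint) for the EARLIEST failure line, or None."""
    for n, line in enumerate(debug_text.splitlines(), 1):
        m = FAIL.search(line)
        if m:
            hint = None
            if m.group(1):  # "No such EAP type N": name the missing method
                t = int(m.group(1))
                hint = f"EAP type {t} ({EAP_TYPES.get(t, 'unknown')}) not loaded in eap"
            return n, line.strip(), hint
    return None

if __name__ == "__main__":
    print(decode_eap("0x0207000c0174657374657234"))
    print(first_failure(SAMPLE))
```
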

