Activated the TTLS module:
ttls {
default_eap_type = md5
use_tunneled_reply = no
}
and it's all.
Lionel Gavage
-----Message d'origine-----
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] la part de Jos�
Luis Solano
Envoy� : lundi 9 f�vrier 2004 17:03
� : [EMAIL PROTECTED]
Objet : Re: Freeradius PEAP Problems
Hi Lionel!!!!!!!!!!!!!!
I would need your help because I use EAP-TLS, EAP-TTLS and PEAP. The first
one, TLS run OK, but TTLS and PEAP don't run OK. My first target now is run
TTLS and I will run PEAP after. So, can you help me please?. Currently, my
radiusd.conf is:
--------------------
# Extensible Authentication Protocol
#
# For all EAP related authentications
eap {
# Invoke the default supported EAP type when
# EAP-Identity response is received
default_eap_type = tls
# Default expiry time to clean the EAP list,
# It is maintained to co-relate the
# EAP-response for each EAP-request sent.
timer_expire = 60
# Supported EAP-types
#md5 {
#}
## EAP-TLS is highly experimental EAP-Type at the moment.
# Please give feedback on the mailing list.
tls {
private_key_password = izadisan
private_key_file =
/usr/local/openssl/ssl/certs/server/server.pem
# If Private key & Certificate are located in the
# same file, then private_key_file & certificate_file
# must contain the same file name.
certificate_file =
/usr/local/openssl/ssl/certs/server/server.pem
# Trusted Root CA list
CA_file = /usr/local/openssl/ssl/certs/ca/ca.crt
dh_file = /usr/local/openssl/ssl/certs/dh
random_file = /usr/local/openssl/ssl/certs/random
#
# This can never exceed MAX_RADIUS_LEN (4096)
# preferably half the MAX_RADIUS_LEN, to
# accomodate other attributes in RADIUS packet.
# On most APs the MAX packet length is configured
# between 1500 - 1600. In these cases, fragment
# size should be <= 1024.
#
fragment_size = 600
# include_length is a flag which is by default set to
yes
# If set to yes, Total Length of the message is
included
# in EVERY packet we send.
# If set to no, Total Length of the message is
included
# ONLY in the First packet of a fragment series.
#
include_length = yes
}
}
------------------------------
What changes I need to use TTLS?
Thanks in advance Lionel!!!!!!!
Jos� Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegaci�n Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060
----- Original Message -----
From: "Lionel Gavage" <[EMAIL PROTECTED]>
To: "freeradius-users" <[EMAIL PROTECTED]>
Sent: Monday, February 09, 2004 4:23 PM
Subject: Freeradius PEAP Problems
> Hi,
>
> I use FreeRadius snapshot 20040129 with EAP/TLS EAP/TTLS and EAP/PEAP.
> I try to set up PEAP/MS-CHAPv2 but i've the error "rlm_mschap: We require
a
> User-Name for MS-CHAPv2".
> However I sending well a login/pass. I use Aegis Client under Windows XP.
>
> Extract of the log:
>
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 6
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> modcall: entering group Auth-Type for request 6
> rlm_mschap: We require a User-Name for MS-CHAPv2
> modcall[authenticate]: module "mschap" returns invalid for request 6
> modcall: group Auth-Type returns invalid for request 6
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns reject for request 6
> modcall: group authenticate returns reject for request 6
> auth: Failed to validate the user.
> PEAP: Got tunneled reply RADIUS code 3
> EAP-Message = 0x04080004
> Message-Authenticator = 0x00000000000000000000000000000000
> PEAP: Tunneled authentication was rejected.
> rlm_eap_peap: FAILURE
> modcall[authenticate]: module "eap" returns handled for request 6
> modcall: group authenticate returns handled for request 6
> Sending Access-Challenge of id 179 to 139.165.212.248:21648
> EAP-Message =
>
0x0109004819001703010018ac414f6ecefb1195938be450e38551daade29cc502427c8d1703
> 0100200deeb0441302502f9721238326439a05db8a1f2e0974378092c076a44c9297b4
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x13eb44c46fbe30f082eaf7522f3c315e
> Finished request 6
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 139.165.212.248:21648, id=180,
> length=168
> User-Name = "lga"
> Framed-MTU = 1400
> Called-Station-Id = "000c.304f.75da"
> Calling-Station-Id = "000c.3052.9812"
> Message-Authenticator = 0x9f589078de1b5fe1cd17051ba032b42f
> EAP-Message =
>
0x0209002b19001703010020cd5ff5c0835b2f6cf5ae3109a04b77c096854a1ed328bb820781
> ea790d6c1f6a
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 314
> State = 0x13eb44c46fbe30f082eaf7522f3c315e
> Service-Type = Framed-User
> NAS-IP-Address = 139.165.212.248
> modcall: entering group authorize for request 7
> modcall[authorize]: module "preprocess" returns ok for request 7
> modcall[authorize]: module "chap" returns noop for request 7
> modcall[authorize]: module "mschap" returns noop for request 7
> rlm_realm: No '@' in User-Name = "lga", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 7
> rlm_eap: EAP packet type response id 9 length 43
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 7
> users: Matched lga at 54
> modcall[authorize]: module "files" returns ok for request 7
> modcall: group authorize returns updated for request 7
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 7
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Proceeding to decode tunneled
> attributes.
>
> rlm_eap_peap: Received EAP-TLV response.
> rlm_eap_peap: Tunneled data is valid.
> rlm_eap_peap: Had sent TLV failure, rejecting.
> rlm_eap: Handler failed in EAP/peap
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: group authenticate returns invalid for request 7
> auth: Failed to validate the user.
> Delaying request 7 for 1 seconds
> Finished request 7
> Going to the next request
> Waking up in 6 seconds...
>
>
> By hoping that you can help me ...
>
>
> Lionel Gavage
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
