hi john,
how does your entry in the 'users' file look like? i had a similar issue with peap. after i removed the 'auth-type := local' (not sure if this is the proper syntax) from the according user it worked.
maybe this helps.
sven
John Mulkerin wrote:
I've already read the FAQ, mailinglists and all configs. Built Freeradius on RH9. Enabled EAP&TLS. Copied root.der and cert-clt.p12 to my WindowsXP clinet machine. On XP Client, enabled 802.1x authentication with PEAP. Authentication Method is EAP-MSCHAP v2.
I get a WIndows Userid log in screen. I'm using the testuser/Secret149 combo. However, password doesn't seem to be sent. What am I doing wrong? AP is an ExtremeNetworks Altitude 300.
Here is snippet from log:
rad_recv: Access-Request packet from host 192.168.75.2:1025, id=25, length=222
NAS-IP-Address = 192.168.75.2
NAS-Port-Id = "1:4:2"
Extreme-Attr-208 = 0x556e6b6e6f776e204c6f636174696f6e
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "testuser"
Calling-Station-Id = "00042384e7df"
Called-Station-Id = "0004960c6060"
NAS-Identifier = "Altitude 300"
State = 0x54de509544048f3b5c43608f7a647549
EAP-Message = 0x020500211980000000171503010012afc80f7adc192c1d1345f91dbc2a0576833d
Message-Authenticator = 0x210270844deb41e20ea5cf1e9595ce64
Proxy-State = 0x0000000304043dd93dd93dd93dd93dd93dd93dd93dd9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 5 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched DEFAULT at 152
users: Matched testuser at 215
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Login incorrect: [testuser/<no User-Password attribute>] (from client 192.168.75.2 port 2 cli 00042384e7df)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
