Alan,
.-- My secret spy satellite informs me that at 6-12-2004 19:03 Alan DeKok wrote:
You are stripping the User-Name attribue when proxying. Don't do that.Thanks for your reply.
Actualy I tried with nostrip and without nostrip.
With the "nostrip" option the response always is "rlm_mschap: FAILED: MS-CHAP2-Response is incorrect"
But whith the same username and password combi and using ttls (PAP) it does work
With the nostrip option in the proxy file:
realm test.nl {
type = radius
authhost = $someIP:1812
accthost = $someIP:1813
secret = testing123
nostrip
}<>
PEAP: Setting User-Name to [EMAIL PROTECTED]
PEAP: Adding old state with 78 a7
PEAP: Sending tunneled request
EAP-Message = 0x0208003f1a0208003a318ab2035ead265938c799548cd7e8409600000000000000007022e4f099837e551c4ec9b262696dd9aa825bba237f14c60074657374
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "[EMAIL PROTECTED]"
State = 0x78a730b344c6d6887536347359a08e53
Framed-MTU = 1400
Called-Station-Id = "000d.ed77.d2c7"
Calling-Station-Id = "0009.5ba1.06eb"
NAS-Port-Type = Virtual
NAS-Port = 270
Service-Type = Login-User
NAS-IP-Address = 145.100.24.21
NAS-Identifier = "AP1-5.matrix.asp.nl"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20041206'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20041
206
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: Looking up realm "test.nl" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "test.nl"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm test.nl
rlm_realm: Adding Realm = "test.nl"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 8 length 63
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched test at 1
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 7
rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 7
modcall: group Auth-Type returns reject for request 7
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 7
</>
the username seems to be [EMAIL PROTECTED], but in the user file it is test. could this be the cause? how should I fix this?
Any advise on this?
thanks in advance, regards Andree
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
