Did you generate the certificates that are mentioned there?  The ones that ship with the server are expired; you have to generate your own certificate.
 
What version of FreeRADIUS are you running?  Version 1.1.1 fixed a lot of little PEAP things.
Version 1.1.3, of course, is what you should be running.
Most versions after 1.0.0 have the eap section broken out into a separate file, which has lots of comments in it about generating certs.
 
Also, it looks like your actual problem is that you have rewritten the eap section... and missed a closing brace.
 
This is mine.  In yours you have included mschapv2 inside of PEAP.  It is its own section, outside of the PEAP section.
 
                 # EAP-PEAP settings as used by the replier; per the thread, this sits inside eap { }.
                 peap {
                        # EAP method run inside the PEAP tunnel.
                        default_eap_type = mschapv2
                        # Attributes of the outer request are not copied into the tunnelled request.
                        copy_request_to_tunnel = no
                        # The final reply is based on the reply produced for the tunnelled (inner) request.
                        use_tunneled_reply = yes
                #       proxy_tunneled_request_as_eap = yes
                }
                # EAP-MSCHAPv2 is declared as its own section next to peap, not nested inside it.
                mschapv2 {
                }


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Walker
Sent: Friday, September 01, 2006 8:36 AM
To: [email protected]
Subject: Problems getting eap-mschapv2 working.

Been trying to get eap working with peap/mschapv2 but it doesn't seem to work.

This is my radiusd.conf file:

# Global radiusd.conf settings as posted: install paths, listener, request limits, logging.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var/run
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# Request handling limits.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# "*" listens on every local address.
# NOTE(review): where the host has several interfaces, consider binding only to the one facing the NAS devices.
bind_address = *
# NOTE(review): 0 presumably leaves the port to the system's "radius" service entry; confirm for this version.
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions	= yes
extended_expressions	= yes
log_stripped_names = no
# With log_auth = no, authentication results are not written to radius.log, so there is no audit trail of rejects.
# The badpass/goodpass switches control whether passwords are written to the log; "no" keeps them out of it.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
# Hardening knobs for packet handling.
security {
	# Upper bound on attributes accepted in one packet.
	max_attributes = 200
	# Seconds to hold an Access-Reject before sending it, which slows repeated password guessing.
	reject_delay = 1
	# Status-Server requests are not answered.
	status_server = no
}

$INCLUDE  ${confdir}/clients.conf

# Worker thread pool sizing for request handling.
thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	# NOTE(review): 0 presumably means a worker is never recycled after a fixed request count; confirm.
	max_requests_per_server = 0
}

# Module instances. The eap block is the one the poster reports as failing with "No such EAP type mschapv2".
modules {
	eap {
		# EAP method offered when the client has not selected one.
		# NOTE(review): EAP-MD5 does not authenticate the server to the client and yields no keying material,
		# so it is a poor default outside of lab testing.
		default_eap_type = md5
		timer_expire = 60
		md5 {
		}
		# TLS material for the EAP types that run over TLS (PEAP below).
		tls {
			# Empty password: presumably the private key file is stored unencrypted, so its protection
			# rests on the filesystem permissions of new.cert.key.
			private_key_password = 
			private_key_file = /usr/local/etc/raddb/new.cert.key
			certificate_file = /usr/local/etc/raddb/new.cert.cert
			CA_file = /usr/local/etc/raddb/cacert.pem
			# NOTE(review): dh_file is expected to name a file of Diffie-Hellman parameters; /dev/urandom is a
			# random device, not DH parameters. Confirm against the eap configuration shipped with this version.
			dh_file = /dev/urandom
			random_file = /dev/urandom
			fragment_size = 1024
			include_length = yes
		}
		peap {
			# EAP method to run inside the PEAP tunnel.
			default_eap_type = mschapv2
			# mschapv2 is nested inside peap here, so it is not declared as an EAP type of the eap module;
			# this matches the reported "No such EAP type mschapv2" error. It belongs directly under eap { },
			# as a sibling of peap.
			# NOTE(review): the four options below look like settings of the separate mschap module rather
			# than of an EAP sub-section, and no mschap module is declared in this modules { } block; confirm
			# what the inner MS-CHAPv2 exchange needs in this version.
			mschapv2 {
				authtype = mschapv2
				use_mppe = yes
				require_encryption = yes
				require_strong = yes
			}
		}
	}

	files {
		usersfile = ${confdir}/users
		compat = no
	}
	# External authenticator invoked as a child process.
	exec cerb {
		# The server waits for the program to finish and uses its result.
		wait = yes
		program = "/usr/local/bin/cerbauth -e freeradius"
		# Request attributes are handed to the program and its output is read back as reply attributes.
		# NOTE(review): the request attributes are client-supplied, so the program must treat them as untrusted input.
		input_pairs = request
		output_pairs = reply
	}
	preprocess {
	}
}

# Authorization phase: modules are listed in the order preprocess, eap, files.
authorize {
	preprocess
	eap
	files
}

# Authentication phase: one handler per Auth-Type.
# NOTE(review): only eap and CERB are handled here; there is no entry for an MS-CHAP Auth-Type, which the
# inner method of PEAP/MSCHAPv2 may need. Confirm against the stock configuration.
authenticate {

	Auth-Type eap {
		eap
	}

	# Requests with Auth-Type CERB go to the external cerb exec module.
	Auth-Type CERB {
		cerb
	}
}

As you can see, I'm currently working with md5 and this works perfectly well.  But when I set up the client and configure the server to default to peap/tls, it fails, saying:

"No such EAP type mschapv2"

I believe that if I can get past this, my system will authenticate with peap/mschapv2 successfully.

Hope you can help.

Regards


Ian