> Did you generate the certificates that are mentioned there? The one's that ship with the server > are expired, you have to generate your own certificate.
I generated the certificates myself, these are working fine. I can use md5 no problem, but peap complains about mschapv2.
> What version of FreeRADIUS. Version 1.1.1 fixed alot of little PEAP things.> Version 1.1.3 of course is what you should be running.
Using the latest version 1.1.3, compiled with all options enabled.
They are all there, checked this morning, nothing missing.
> This is Mine. In yours you have included mschapv2 inside of PEAP. It is its own section,
> outside of the PEAP
section.
I did have it like this originally, and it still didn't work.
Any ideas appreciated.
I did have it like this originally, and it still didn't work.
Any ideas appreciated.
From: freeradius-users-bounces+mking=[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Ian Walker
Sent: Friday, September 01, 2006 8:36 AM
To: [email protected]
Subject: Problems getting eap-mschapv2 working.Been trying to get eap working with peap/mschapv2 but it doesn't seem to work.
This is my radiusd.conf file:
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var/run
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
$INCLUDE ${confdir}/clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
eap {
default_eap_type = md5
timer_expire = 60
md5 {
}
tls {
private_key_password =
private_key_file = /usr/local/etc/raddb/new.cert.key
certificate_file = /usr/local/etc/raddb/new.cert.cert
CA_file = /usr/local/etc/raddb/cacert.pem
dh_file = /dev/urandom
random_file = /dev/urandom
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = mschapv2
mschapv2 {
authtype = mschapv2
use_mppe = yes
require_encryption = yes
require_strong = yes
}
}
}
files {
usersfile = ${confdir}/users
compat = no
}
exec cerb {
wait = yes
program = "/usr/local/bin/cerbauth -e freeradius"
input_pairs = request
output_pairs = reply
}
preprocess {
}
}
authorize {
preprocess
eap
files
}
authenticate {
Auth-Type eap {
eap
}
Auth-Type CERB {
cerb
}
}
as you can see, I'm currently working with md5 and this works perfectly well. But when I set the client and configure the server to default for peap/tls, then it fails saying:
"No such EAP type mschapv2"
I believe if I can get passed this, that my system will authenticate with peap/mschapv2 successfully.
Hope you can help.
Regards
Ian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
