I have a device that uses EAP-MSCHAPv2 (without
PEAP) for authentication. I am running freeRadius on Redhat. The device is
plugged into a switch which sends the EAP request to the server. I am unable to
get the device authenticated with the Radius server. In the users file should
the Auth-type be local or MS-Chap? Should I be sending the authentication
request to an NT domain or will the username and password in the user file be
sufficient?
Any documentation or insight would be very
helpful and greatly appreciated! Below is the
radius debug output.
Thanks, Paul.
rad_recv: Access-Request packet from host
13.138.136.68:1645, id=226, length=127
NAS-IP-Address = 13.138.136.68
NAS-Port = 50003
NAS-Port-Type = Ethernet
User-Name = "tester"
Called-Station-Id = "00-0A-B8-39-79-85"
Calling-Station-Id = "00-00-AA-6E-78-F6"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x0201000b01746573746572
Message-Authenticator = 0x7836b28d762411aa9dcd27ff0d70d047
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "tester", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry tester at line 82
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
NAS-Port = 50003
NAS-Port-Type = Ethernet
User-Name = "tester"
Called-Station-Id = "00-0A-B8-39-79-85"
Calling-Station-Id = "00-00-AA-6E-78-F6"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x0201000b01746573746572
Message-Authenticator = 0x7836b28d762411aa9dcd27ff0d70d047
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "tester", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry tester at line 82
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
This
e-mail message, including any attachments, is for the sole use of the intended
recipient(s) and may contain confidential information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended
recipient(s) please contact the sender by reply e-mail and destroy all copies of
the original message. Thank you
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
