Alan DeKok wrote:
Andrew Rowson wrote:
Ok, I updated the radcheck table in mysql so that the attribute read
"Cleartext-Password". I now get a different result when trying to log in
from the wlan:
...
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.
Please post the *previous* debug messages, which indicate *why* the
user was rejected.
A complete output dump from freeradius is quite long, so I've hosted it
at http://public.growse.com/radiusd.log
Looking over it, it seems that a problem comes up with the MSCHAP bit:
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for growse with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 14
This appears to imply that there's no User-Password entry found anywhere
for the user in the database. This would be correct, as the attribute in
the radcheck table is set to Cleartext-Password. Anything other than
Cleartext-Password and freeradius doesn't attempt an auth-type of EAP,
but Local instead, going back to my original problem.
Andrew
Also, my Cisco device logins have now broken since updating this
attribute, I'm guessing because the sql module can't authenticate the
user against the db?
No. The SQL module doesn't authenticate users.
Again, read the *entire* debug log to see what's going on.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html