After a little trial and error, and not changing anything on the wireless
client side, I got FreeRADIUS to use mschap, but I'm now getting this error:
[mschap] No MS-CHAP-Challenge in the request
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> nick
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
I didn't have anything in the LDAP database for the user, but once I added
radiusAuthType mschap, I am not being rejected, which is better then nothing I
guess.
Again, when I'm using the users file, I have no isssue authenticating. Is
there something more I have to add to the users to allow this to work. Again,
thank for the help and/or guidance.
--Nick
----- Original Message -----
From: "Nicholas Cappelletti" <[email protected]>
To: [email protected], "FreeRadius users mailing list"
<[email protected]>
Sent: Sunday, August 2, 2009 7:41:05 AM GMT -05:00 US/Canada Eastern
Subject: Re: LDAP PEAPv0/MSCHAPv2 Authentication
I thought that was interesting also. I did notice that. When my laptop makes
a request to the server, when I'm using the users file, it sends the PEAP
request as expected. When I enable LAP authentication/authorization, the
default eap type is used instead.
I've read through other posts, concerning this matter, and it's suggest to
leave the server as 'default' as possible, which I have done.
Would you, or anyone else, suggest changing the default eap type to peap then?
Ivan, I do, very much, appreciate your dedication to the alias and all the work
you do on the freeradius project, it seems it's sometimes tireless. :)
--Nick
----- Original Message -----
From: "Ivan Kalik" <[email protected]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Sunday, August 2, 2009 3:32:03 AM GMT -05:00 US/Canada Eastern
Subject: Re: LDAP PEAPv0/MSCHAPv2 Authentication
> Okay, 802.1x for wireless works great when I'm using the default config
> files. I use the automatically generated cert and create a few users in
> the users config file.
> And here is is when I configure the modules/ldap. This is with LDAP
> enabled for authentication in the sites-enabled/inner-tunnel with nothing
> else changed:
...
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
...
Your server would disagree. It thinks that this is EAP-MD5, not PEAP request.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
