So, apparently when I have LDAP turned off for authorization in sites-enabled/default I can authenticate properly, but when I uncomment it, I can't. To get LDAP working with FreeRADIUS 2.1.6, LDAP is currently being used for authorization in the inner-tunnels config file, BUT for authentication in the defaults file.
I'm currently not able to do a radtest, but the wireless supplicants work fine...

---
Nick Cappelletti
[email protected]
"Everyday is a gift and not a given right"

----- Original Message -----
From: "Nicholas Cappelletti" <[email protected]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Monday, August 3, 2009 5:54:55 PM GMT -05:00 US/Canada Eastern
Subject: Re: LDAP PEAPv0/MSCHAPv2 Authentication

After a little trial and error, and not changing anything on the wireless client side, I got FreeRADIUS to use mschap, but I'm now getting this error:

[mschap] No MS-CHAP-Challenge in the request
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> nick
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated

I didn't have anything in the LDAP database for the user, but once I added radiusAuthType mschap, I am not being rejected, which is better than nothing I guess. Again, when I'm using the users file, I have no issue authenticating. Is there something more I have to add to the users to allow this to work?

Again, thanks for the help and/or guidance.

--Nick

----- Original Message -----
From: "Nicholas Cappelletti" <[email protected]>
To: [email protected], "FreeRadius users mailing list" <[email protected]>
Sent: Sunday, August 2, 2009 7:41:05 AM GMT -05:00 US/Canada Eastern
Subject: Re: LDAP PEAPv0/MSCHAPv2 Authentication

I thought that was interesting also. I did notice that. When my laptop makes a request to the server, when I'm using the users file, it sends the PEAP request as expected. When I enable LDAP authentication/authorization, the default eap type is used instead. I've read through other posts concerning this matter, and it's suggested to leave the server as 'default' as possible, which I have done. Would you, or anyone else, suggest changing the default eap type to peap then?

Ivan, I do, very much, appreciate your dedication to the alias and all the work you do on the freeradius project, it seems it's sometimes tireless. :)

--Nick

----- Original Message -----
From: "Ivan Kalik" <[email protected]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Sunday, August 2, 2009 3:32:03 AM GMT -05:00 US/Canada Eastern
Subject: Re: LDAP PEAPv0/MSCHAPv2 Authentication

> Okay, 802.1x for wireless works great when I'm using the default config
> files. I use the automatically generated cert and create a few users in
> the users config file.

> And here it is when I configure the modules/ldap. This is with LDAP
> enabled for authentication in the sites-enabled/inner-tunnel with nothing
> else changed:
...
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
...

Your server would disagree. It thinks that this is EAP-MD5, not a PEAP request.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

