Tested with PAP and radtest, as per
http://deployingradius.com/documents/configuration/pap.html
All works OK
Now I want to test from a Windows 7 wireless client using PEAP (MSCHAPv2). The
page seems to indicate this should pretty much work with default config.
So:-
I added wireless AP to clients.conf
---------------
client 163.1.40.141 {
    secret = testing
}
----------------
Disabled 'Validate server certificate' on the client
Entered bob as username, testing123 as password
I get No such realm 'NULL'
So added
---------------------
realm test {
    authhost = LOCAL
    accthost = LOCAL
}
----------------
to proxy.conf - not sure this is the correct way of resolving a null realm,
though.....
And this time entered bob@test as the username, testing123 as password
Now I get rejected - the following from the debug output looks relevant
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for bob@test with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\010E=691 R=1"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\010E=691 R=1"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
I posted the full debug output at
http://www.nuffield.ox.ac.uk/scratch2/test-peap.log - as I wasn't sure posting
all 900+ lines to this list would be appreciated - or is that OK in future?
The MSCHAP errors are line 901 onwards.
I'm doing something silly, no doubt - but what? Should this config just work
out of the box?
Appreciate any help.
Cheers
Mark