Hello,

You did not send your configuration file: it makes it much easier for us to diagnose problems if you send your configuration file (no secrets).
It looks like you have your EAPType set to just MSCHAP-V2, and the client is trying to do the outer authentication PEAP first. You probably need to set your EAPType to

EAPType PEAP,MSCHAP-V2

See goodies/eap_peap.cfg for examples on how to configure for PEAP.

Cheers.

On Wed, 11 Jun 2003 09:55 pm, Mobic.com wrote:
> Hi
>
> I am testing different eap methods, and I have successfully tested:
>
> eap-md5
> eap-tls
> eap-ttls (ms-chap-v2)
>
> using the Odyssey supplicant.
>
> But I have problems testing peap (ms-chap-v2), the log says "Access
> rejected for testUser: Desired EAP type 25 not permitted" (see log file
> below).
>
> I am using the eap_multi.cfg configuration and the demo certificates. I am
> using the Zyxel B-1000 AP.
>
> Any ideas how to resolve this?
>
> This is what I get from the log:
>
> Code: Access-Request
> Identifier: 227
> Authentic: Q<236>o<156>GjC<226><150>e<179><16><30><251>Ba
> Attributes:
> User-Name = "testUser"
> NAS-IP-Address = 195.134.48.28
> NAS-Identifier = "WI_test"
> Framed-MTU = 1496
> Called-Station-Id = "00-a0-c5-37-3e-62:Wireless"
> Calling-Station-Id = "00-04-75-df-ae-e3"
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2>)<0><6><13><0>
> Message-Authenticator =
> 8}<150><137><138><239><232><29><136><14>><21>;<243><241><6>
>
> Wed Jun 11 12:54:08 2003: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Wed Jun 11 12:54:08 2003: DEBUG: Rewrote user name to testUser
> Wed Jun 11 12:54:08 2003: DEBUG: Deleting session for testUser,
> 195.134.48.28,
> Wed Jun 11 12:54:08 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Jun 11 12:54:08 2003: DEBUG: Handling with EAP: code 2, 41, 6
> Wed Jun 11 12:54:08 2003: DEBUG: Response type 13
> Wed Jun 11 12:54:08 2003: DEBUG: Radius::AuthFILE looks for match with
> testUser
> Wed Jun 11 12:54:08 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Jun 11 12:54:08 2003: DEBUG: Access accepted for testUser
> Wed Jun 11 12:54:08 2003: DEBUG: Packet dump:
> *** Sending to 195.134.48.28 port 1026 ....
> Code: Access-Accept
> Identifier: 227
> Authentic: Q<236>o<156>GjC<226><150>e<179><16><30><251>Ba
> Attributes:
> EAP-Message = <3>)<0><4>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
> *** Received from 195.134.48.28 port 1026 ....
> Code: Access-Request
> Identifier: 228
> Authentic: Z<208><199><142><252>5<139>d<199><187><213>w<127><203>40
> Attributes:
> User-Name = "testUser"
> NAS-IP-Address = 195.134.48.28
> NAS-Identifier = "WI_test"
> Framed-MTU = 1496
> Called-Station-Id = "00-a0-c5-37-3e-62:Wireless"
> Calling-Station-Id = "00-04-75-df-ae-e3"
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2>*<0><13><1>testUser
> Message-Authenticator =
> <130><194><168>'<178><146><147><156><142>x+<189><190><18>'*
>
> Wed Jun 11 12:54:35 2003: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Wed Jun 11 12:54:35 2003: DEBUG: Rewrote user name to testUser
> Wed Jun 11 12:54:35 2003: DEBUG: Deleting session for testUser,
> 195.134.48.28,
> Wed Jun 11 12:54:35 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Jun 11 12:54:35 2003: DEBUG: Handling with EAP: code 2, 42, 13
> Wed Jun 11 12:54:35 2003: DEBUG: Response type 1
> Wed Jun 11 12:54:35 2003: DEBUG: Access challenged for testUser: EAP
> MSCHAP-V2 Challenge
> Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
> *** Sending to 195.134.48.28 port 1026 ....
> Code: Access-Challenge
> Identifier: 228
> Authentic: Z<208><199><142><252>5<139>d<199><187><213>w<127><203>40
> Attributes:
> EAP-Message =
> <1>+<0>/<26><1>+<0>*<16>G4<193>lC:<216><191><12><189><133>|<244><22>!<227>i
>n novasjon.mobinor.no
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
> *** Received from 195.134.48.28 port 1026 ....
> Code: Access-Request
> Identifier: 229
> Authentic: <164><254>}w<153><236>?M<139><166><149>/<254><239><180><253>
> Attributes:
> User-Name = "testUser"
> NAS-IP-Address = 195.134.48.28
> NAS-Identifier = "WI_test"
> Framed-MTU = 1496
> Called-Station-Id = "00-a0-c5-37-3e-62:Wireless"
> Calling-Station-Id = "00-04-75-df-ae-e3"
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2>+<0><6><3><25>
> Message-Authenticator =
> <180>h<24><219>a<149>,<159><201><249><236>rk<<161><28>
>
> Wed Jun 11 12:54:35 2003: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Wed Jun 11 12:54:35 2003: DEBUG: Rewrote user name to testUser
> Wed Jun 11 12:54:35 2003: DEBUG: Deleting session for testUser,
> 195.134.48.28,
> Wed Jun 11 12:54:35 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Jun 11 12:54:35 2003: DEBUG: Handling with EAP: code 2, 43, 6
> Wed Jun 11 12:54:35 2003: DEBUG: Response type 3
> Wed Jun 11 12:54:35 2003: INFO: EAP Nak desires type 25
> Wed Jun 11 12:54:35 2003: INFO: Access rejected for testUser: Desired EAP
> type 25 not permitted
> Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
> *** Sending to 195.134.48.28 port 1026 ....
> Code: Access-Reject
> Identifier: 229
> Authentic: <164><254>}w<153><236>?M<139><166><149>/<254><239><180><253>
> Attributes:
> Reply-Message = "Request Denied"
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
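The EAP-Message values in the quoted log can be decoded by hand to confirm the diagnosis in the reply: the last request is an EAP Nak asking for type 25 (PEAP). The following is an added example, not part of the original message and not Radiator code; it assumes the dump notation is `<n>` for one byte in decimal with every other character printed literally, and the function names are hypothetical.

```python
import re

# EAP codes (RFC 3748) and method types (IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "TLS",
             21: "TTLS", 25: "PEAP", 26: "MSCHAP-V2"}

def decode_dump(text):
    """Convert log notation back to bytes. Assumption: <n> is one byte in
    decimal and any other character is that byte printed literally."""
    out = bytearray()
    for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S):
        if m.group(1) and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
        else:  # literal character, including a bare '<' or '>'
            out += m.group(0).encode("latin-1", "replace")
    return bytes(out)

def parse_eap(raw):
    """Parse the 4-byte EAP header and, for Request/Response, the type."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:
        etype = raw[4]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 3:  # Nak: the remaining bytes list the types the peer wants
            pkt["desired"] = [EAP_TYPES.get(t, t) for t in raw[5:length]]
    return pkt

def describe(dump):
    return parse_eap(decode_dump(dump))

# EAP-Message values copied from the log quoted in the message above.
SAMPLES = ["<2>)<0><6><13><0>", "<2>*<0><13><1>testUser",
           "<2>+<0><6><3><25>", "<3>)<0><4>"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", describe(s))
```

The decoded fields line up with the server's own debug lines ("Handling with EAP: code 2, 43, 6", "Response type 3", "EAP Nak desires type 25").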
