Re: [PacketFence-users] PEAP-TLS Get's seen as EAP Mschapv2 without password.
Hello, is it possible to run raddebug and have the output ? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 Thanks Fabrice Le lun. 30 oct. 2023 à 06:56, Anton Palmgård via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > *From:* Anton.P > *Sent:* Wednesday, October 18, 2023 10:33 PM > *To:* PacketFence-users@lists.sourceforge.net < > packetfence-users@lists.sourceforge.net> > *Subject:* Re: PEAP-TLS Get's seen as EAP Mschapv2 without password. > > If i disable mschap i get > eap: Tried to start unsupported EAP type MSCHAPv2 (26) > > The client is NOT configured wrong. We use PEAP-TLS at more or less all of > our customers and the profile works fine with NPS on the same sites but > want to migrate to Packetfence. > > BR, > Anton. > > -- > *From:* Anton.P > *Sent:* Wednesday, October 18, 2023 10:20 PM > *To:* PacketFence-users@lists.sourceforge.net < > packetfence-users@lists.sourceforge.net> > *Subject:* PEAP-TLS Get's seen as EAP Mschapv2 without password. > > Hi, i wonder if you've seen this... > > My issue is that setting Radius to PEAP-TLS. > > Setting Client to PEAP-TLS works fine with NPS , but with packetfence only > EAP-TLS works. Trying to Connect with PEAP-TLS gives the following in the > logs: > > " > Reason > VADV: Attribute "User-Password" is required for authentication" > > Oct 18 22:14:11 pf-1 auth[17079]: (21) Login incorrect (VADV: Attribute > "User-Password" is required for authentication): [ > fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli > 50:c2:e8:d6:69:cf via TLS tunnel) > Oct 18 22:14:11 pf-1 auth[17079]: (23) Login incorrect (eap_peap: The > users session was previously rejected: returning reject (again.)): [ > fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli > 50:c2:e8:d6:69:cf) > > > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] PEAP-TLS Get's seen as EAP Mschapv2 without password.
From: Anton.P Sent: Wednesday, October 18, 2023 10:33 PM To: PacketFence-users@lists.sourceforge.net Subject: Re: PEAP-TLS Get's seen as EAP Mschapv2 without password. If i disable mschap i get eap: Tried to start unsupported EAP type MSCHAPv2 (26) The client is NOT configured wrong. We use PEAP-TLS at more or less all of our customers and the profile works fine with NPS on the same sites but want to migrate to Packetfence. BR, Anton. From: Anton.P Sent: Wednesday, October 18, 2023 10:20 PM To: PacketFence-users@lists.sourceforge.net Subject: PEAP-TLS Get's seen as EAP Mschapv2 without password. Hi, i wonder if you've seen this... My issue is that setting Radius to PEAP-TLS. Setting Client to PEAP-TLS works fine with NPS , but with packetfence only EAP-TLS works. Trying to Connect with PEAP-TLS gives the following in the logs: " Reason VADV: Attribute "User-Password" is required for authentication" Oct 18 22:14:11 pf-1 auth[17079]: (21) Login incorrect (VADV: Attribute "User-Password" is required for authentication): [fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli 50:c2:e8:d6:69:cf via TLS tunnel) Oct 18 22:14:11 pf-1 auth[17079]: (23) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli 50:c2:e8:d6:69:cf) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] PEAP-TLS Get's seen as EAP Mschapv2 without password.
Hi, i wonder if you've seen this... My issue is that setting Radius to PEAP-TLS. Setting Client to PEAP-TLS works fine with NPS , but with packetfence only EAP-TLS works. Trying to Connect with PEAP-TLS gives the following in the logs: " Reason VADV: Attribute "User-Password" is required for authentication" Oct 18 22:14:11 pf-1 auth[17079]: (21) Login incorrect (VADV: Attribute "User-Password" is required for authentication): [fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli 50:c2:e8:d6:69:cf via TLS tunnel) Oct 18 22:14:11 pf-1 auth[17079]: (23) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli 50:c2:e8:d6:69:cf) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PEAP-TLS Get's seen as EAP Mschapv2 without password.
If i disable mschap i get eap: Tried to start unsupported EAP type MSCHAPv2 (26) The client is NOT configured wrong. We use PEAP-TLS at more or less all of our customers and the profile works fine with NPS on the same sites but want to migrate to Packetfence. BR, Anton. From: Anton.P Sent: Wednesday, October 18, 2023 10:20 PM To: PacketFence-users@lists.sourceforge.net Subject: PEAP-TLS Get's seen as EAP Mschapv2 without password. Hi, i wonder if you've seen this... My issue is that setting Radius to PEAP-TLS. Setting Client to PEAP-TLS works fine with NPS , but with packetfence only EAP-TLS works. Trying to Connect with PEAP-TLS gives the following in the logs: " Reason VADV: Attribute "User-Password" is required for authentication" Oct 18 22:14:11 pf-1 auth[17079]: (21) Login incorrect (VADV: Attribute "User-Password" is required for authentication): [fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli 50:c2:e8:d6:69:cf via TLS tunnel) Oct 18 22:14:11 pf-1 auth[17079]: (23) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [fetakun...@gabenpirates.com] (from client 10.4.10.211/32 port 0 cli 50:c2:e8:d6:69:cf) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users