You need to set default_eap_type = peap in radiusd.conf. As of XP sp1, md5 is no longer being used.
Your peap section should be this simple.
peap { default_eap_type = mschapv2 }
Best wishes,
-=Bill
Justin Bailey wrote:
I am down to a deadline (school) for using FreeRADIUS to work as an 802.1x authenticator for a wireless network. I currently have the CVS snapshot of freeRADIUS from 20031208 on Redhat Linux 6.2.
I have windows configured to use WEP and 802.1x PEAP. My PEAP configuration is set to NOT validate a server certificate and to use EAP-MSCHAPv2 as the authentication method. (Can I use PEAP like this (without a server certificate?)
When connecting to my wireless ap, windows asks for a username and password to use to connect to the network. I supply a valid system logon to the Linux box. Running FreeRADIUS in debugging mode shows the request is being received and replied to by the RADIUS server: Modcall[authorize]: module "files returns ok for request 0 Modcall[authorize]: module "mschap" returns noop for request 0 Modcall: group authorize returns updated for request 0 Rad_check_password: found auth-type EAP Auth: type "EAP" Modcall: entering group authenticate for request 0 Rlm_eap: EAP Identity Rlm_eap: processing type MD5 Rlm_eap_md5: Issuing Challenge Modcall[authenticate]: module "eap" returns handled for request 0 Sending Access-Challenge of id 2 to 192.XXXXXXXX EAP-Message = 0x0.... Message-Authenticator = 0x00000.. State = 0x24.... Finished Request 0 Going to the next request ....
It appears my XP machine never replies. Am I missing a configuration setting on the RADIUS server to recognize the interaction as MS-CHAPv2? All help appreciated.
Justin
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html