Sorry Lionel!!! Another question.

I have changed my radiusd.conf and I have activated the TTLS module. But
now, there are two modules activated, is it a problem?


        eap {
                default_eap_type = tls !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
                timer_expire     = 60

                #md5 {
                #}

                tls {
                        private_key_password = izadisan
                        private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
                        certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
                        CA_file = /usr/local/openssl/ssl/certs/ca/ca.crt
                        dh_file = /usr/local/openssl/ssl/certs/dh
                        random_file = /usr/local/openssl/ssl/certs/random
                        fragment_size = 600
                        include_length = yes
                }

                ttls {
                        default_eap_type = md5 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
                        use_tunneled_reply = no
                }
        }

Is it correct????

My FreeRADIUS is 0.8.1; does TTLS run with this version?
For "default_eap_type", is only the md5 value possible?



Thanks again Lionel!!!!




José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060
----- Original Message -----
From: "Lionel Gavage" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 09, 2004 4:59 PM
Subject: RE: Freeradius PEAP Problems


>
> Activated the TTLS module:
>
> ttls {
>         default_eap_type = md5
>         use_tunneled_reply = no
> }
>
> and that's all.
>
>
> Lionel Gavage
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On behalf of José Luis Solano
> Sent: Monday, 9 February 2004 17:03
> To: [EMAIL PROTECTED]
> Subject: Re: Freeradius PEAP Problems
>
>
> Hi Lionel!!!!!!!!!!!!!!
>
>
> I would need your help because I use EAP-TLS, EAP-TTLS and PEAP. The first
> one, TLS, runs OK, but TTLS and PEAP don't run OK. My first target now is to
> run TTLS and I will run PEAP after. So, can you help me please? Currently, my
> radiusd.conf is:
>
> --------------------
>         # Extensible Authentication Protocol
>         #
>         #  For all EAP related authentications
>         eap {
>                 # Invoke the default supported EAP type when
>                 # EAP-Identity response is received
>                 default_eap_type = tls
>
>                 # Default expiry time to clean the EAP list,
>                 # It is maintained to co-relate the
>                 # EAP-response for each EAP-request sent.
>                 timer_expire     = 60
>
>                 # Supported EAP-types
>                 #md5 {
>                 #}
>
>                 ## EAP-TLS is highly experimental EAP-Type at the moment.
>                 #       Please give feedback on the mailing list.
>                 tls {
>                         private_key_password = izadisan
>                         private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
>
>                 #       If Private key & Certificate are located in the
>                 #       same file, then private_key_file & certificate_file
>                 #       must contain the same file name.
>                         certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
>
>                 #       Trusted Root CA list
>                         CA_file = /usr/local/openssl/ssl/certs/ca/ca.crt
>
>                         dh_file = /usr/local/openssl/ssl/certs/dh
>                         random_file = /usr/local/openssl/ssl/certs/random
>                 #
>                 #       This can never exceed MAX_RADIUS_LEN (4096)
>                 #       preferably half the MAX_RADIUS_LEN, to
>                 #       accommodate other attributes in RADIUS packet.
>                 #       On most APs the MAX packet length is configured
>                 #       between 1500 - 1600. In these cases, fragment
>                 #       size should be <= 1024.
>                 #
>                         fragment_size = 600
>
>                 #       include_length is a flag which is by default set to yes
>                 #       If set to yes, Total Length of the message is included
>                 #       in EVERY packet we send.
>                 #       If set to no, Total Length of the message is included
>                 #       ONLY in the First packet of a fragment series.
>                 #
>                         include_length = yes
>                 }
>         }
> ------------------------------
>
> What changes do I need to use TTLS?
>
>
>
> Thanks in advance Lionel!!!!!!!
>
>
>
> José Luis Solano
> SGI - Soluciones Globales Internet S.A.
> Delegación Regional Sur
> [EMAIL PROTECTED]
> (+34) 954.088.060
> ----- Original Message -----
> From: "Lionel Gavage" <[EMAIL PROTECTED]>
> To: "freeradius-users" <[EMAIL PROTECTED]>
> Sent: Monday, February 09, 2004 4:23 PM
> Subject: Freeradius PEAP Problems
>
>
> > Hi,
> >
> > I use FreeRadius snapshot 20040129 with EAP/TLS EAP/TTLS and EAP/PEAP.
> > I try to set up PEAP/MS-CHAPv2 but I've the error "rlm_mschap: We require a
> > User-Name for MS-CHAPv2".
> > However, I am sending a login/pass correctly. I use Aegis Client under Windows XP.
> >
> > Extract of the log:
> >
> >   rad_check_password:  Found Auth-Type EAP
> > auth: type "EAP"
> > modcall: entering group authenticate for request 6
> >   rlm_eap: Request found, released from the list
> >   rlm_eap: EAP/mschapv2
> >   rlm_eap: processing type mschapv2
> > modcall: entering group Auth-Type for request 6
> > rlm_mschap: We require a User-Name for MS-CHAPv2
> >   modcall[authenticate]: module "mschap" returns invalid for request 6
> > modcall: group Auth-Type returns invalid for request 6
> >   rlm_eap: Freeing handler
> >   modcall[authenticate]: module "eap" returns reject for request 6
> > modcall: group authenticate returns reject for request 6
> > auth: Failed to validate the user.
> >   PEAP: Got tunneled reply RADIUS code 3
> >         EAP-Message = 0x04080004
> >         Message-Authenticator = 0x00000000000000000000000000000000
> >   PEAP: Tunneled authentication was rejected.
> >   rlm_eap_peap: FAILURE
> >   modcall[authenticate]: module "eap" returns handled for request 6
> > modcall: group authenticate returns handled for request 6
> > Sending Access-Challenge of id 179 to 139.165.212.248:21648
> >         EAP-Message = 0x0109004819001703010018ac414f6ecefb1195938be450e38551daade29cc502427c8d17030100200deeb0441302502f9721238326439a05db8a1f2e0974378092c076a44c9297b4
> >         Message-Authenticator = 0x00000000000000000000000000000000
> >         State = 0x13eb44c46fbe30f082eaf7522f3c315e
> > Finished request 6
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 139.165.212.248:21648, id=180, length=168
> >         User-Name = "lga"
> >         Framed-MTU = 1400
> >         Called-Station-Id = "000c.304f.75da"
> >         Calling-Station-Id = "000c.3052.9812"
> >         Message-Authenticator = 0x9f589078de1b5fe1cd17051ba032b42f
> >         EAP-Message = 0x0209002b19001703010020cd5ff5c0835b2f6cf5ae3109a04b77c096854a1ed328bb820781ea790d6c1f6a
> >         NAS-Port-Type = Wireless-802.11
> >         NAS-Port = 314
> >         State = 0x13eb44c46fbe30f082eaf7522f3c315e
> >         Service-Type = Framed-User
> >         NAS-IP-Address = 139.165.212.248
> > modcall: entering group authorize for request 7
> >   modcall[authorize]: module "preprocess" returns ok for request 7
> >   modcall[authorize]: module "chap" returns noop for request 7
> >   modcall[authorize]: module "mschap" returns noop for request 7
> >     rlm_realm: No '@' in User-Name = "lga", looking up realm NULL
> >     rlm_realm: No such realm "NULL"
> >   modcall[authorize]: module "suffix" returns noop for request 7
> >   rlm_eap: EAP packet type response id 9 length 43
> >   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> >   modcall[authorize]: module "eap" returns updated for request 7
> >     users: Matched lga at 54
> >   modcall[authorize]: module "files" returns ok for request 7
> > modcall: group authorize returns updated for request 7
> >   rad_check_password:  Found Auth-Type EAP
> > auth: type "EAP"
> > modcall: entering group authenticate for request 7
> >   rlm_eap: Request found, released from the list
> >   rlm_eap: EAP/peap
> >   rlm_eap: processing type peap
> >   rlm_eap_peap: Authenticate
> >   rlm_eap_tls: processing TLS
> >   eaptls_verify returned 7
> >   rlm_eap_tls: Done initial handshake
> >   eaptls_process returned 7
> >   rlm_eap_peap: EAPTLS_OK
> >   rlm_eap_peap: Session established.  Proceeding to decode tunneled attributes.
> >
> >   rlm_eap_peap: Received EAP-TLV response.
> >   rlm_eap_peap: Tunneled data is valid.
> >   rlm_eap_peap:  Had sent TLV failure, rejecting.
> >  rlm_eap: Handler failed in EAP/peap
> >   rlm_eap: Failed in EAP select
> >   modcall[authenticate]: module "eap" returns invalid for request 7
> > modcall: group authenticate returns invalid for request 7
> > auth: Failed to validate the user.
> > Delaying request 7 for 1 seconds
> > Finished request 7
> > Going to the next request
> > Waking up in 6 seconds...
> >
> >
> > Hoping that you can help me ...
> >
> >
> > Lionel Gavage
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
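
Added example, not part of the original thread or of FreeRADIUS: a small decoder for the EAP-Message values in the debug log quoted above, showing which packet is the inner-tunnel Failure and what the outer PEAP packets carry. The function name parse_eap and the constant names are hypothetical; the hex strings are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "TLS", 21: "TTLS",
             25: "PEAP", 26: "MSCHAPv2"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
               23: "application_data"}
TLS_BASED = {13, 21, 25}  # EAP types that carry TLS records after a flags byte

# EAP-Message values copied from the debug log quoted in this thread.
TUNNELED_REPLY = "0x04080004"
OUTER_CHALLENGE = ("0x0109004819001703010018ac414f6ecefb1195938be450e38551daade29cc502427c8d1703"
                   "0100200deeb0441302502f9721238326439a05db8a1f2e0974378092c076a44c9297b4")
OUTER_RESPONSE = ("0x0209002b19001703010020cd5ff5c0835b2f6cf5ae3109a04b77c096854a1ed328bb820781"
                  "ea790d6c1f6a")


def parse_eap(hex_value):
    """Decode one EAP-Message attribute value (hex string, optional 0x prefix)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length %d does not match %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": None, "records": []}
    if code not in (1, 2) or length < 5:
        return pkt  # Success/Failure carry no type or data
    etype = raw[4]
    pkt["type"] = EAP_TYPES.get(etype, etype)
    if etype not in TLS_BASED or length < 6:
        return pkt
    flags = raw[5]
    pkt["flags"] = {"L": bool(flags & 0x80), "M": bool(flags & 0x40),
                    "S": bool(flags & 0x20)}
    off = 10 if flags & 0x80 else 6  # L flag: 4-byte TLS message length follows
    while off + 5 <= len(raw):
        ctype, version, rlen = struct.unpack("!BHH", raw[off:off + 5])
        if off + 5 + rlen > len(raw):
            break  # record continues in the next EAP fragment
        pkt["records"].append((TLS_CONTENT.get(ctype, ctype),
                               "%d.%d" % (version >> 8, version & 0xFF), rlen))
        off += 5 + rlen
    return pkt


if __name__ == "__main__":
    for name in ("TUNNELED_REPLY", "OUTER_CHALLENGE", "OUTER_RESPONSE"):
        print(name, parse_eap(globals()[name]))
```

The outer packets decode only to encrypted TLS application-data records, so the reason for the reject is visible only in the inner-tunnel log lines such as the rlm_mschap message.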

