Sorry Lionel!!! Another question. I have changed my radiusd.conf and I have activated the TTLS module. But now, there are two modules activated, is it a problem?
eap {
    default_eap_type = tls !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    timer_expire = 60
    #md5 {
    #}
    tls {
        private_key_password = izadisan
        private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
        certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
        CA_file = /usr/local/openssl/ssl/certs/ca/ca.crt
        dh_file = /usr/local/openssl/ssl/certs/dh
        random_file = /usr/local/openssl/ssl/certs/random
        fragment_size = 600
        include_length = yes
    }
    ttls {
        default_eap_type = md5 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        use_tunneled_reply = no
    }
}

Is it correct???? My freeRADIUS is 0.8.1; does TTLS run with this version? For "default_eap_type", is only the md5 value possible?

Thanks again Lionel!!!!

José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060

----- Original Message -----
From: "Lionel Gavage" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 09, 2004 4:59 PM
Subject: RE: Freeradius PEAP Problems

> Activated the TTLS module:
>
> ttls {
>     default_eap_type = md5
>     use_tunneled_reply = no
> }
>
> and it's all.
>
> Lionel Gavage
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] on behalf of José Luis Solano
> Sent: Monday, 9 February 2004 17:03
> To: [EMAIL PROTECTED]
> Subject: Re: Freeradius PEAP Problems
>
> Hi Lionel!!!!!!!!!!!!!!
>
> I would need your help because I use EAP-TLS, EAP-TTLS and PEAP. The first
> one, TLS, runs OK, but TTLS and PEAP don't run OK. My first target now is to run
> TTLS and I will run PEAP after. So, can you help me please? Currently, my
> radiusd.conf is:
>
> --------------------
> # Extensible Authentication Protocol
> #
> # For all EAP related authentications
> eap {
>     # Invoke the default supported EAP type when
>     # EAP-Identity response is received
>     default_eap_type = tls
>
>     # Default expiry time to clean the EAP list,
>     # It is maintained to co-relate the
>     # EAP-response for each EAP-request sent.
>     timer_expire = 60
>
>     # Supported EAP-types
>     #md5 {
>     #}
>
>     ## EAP-TLS is highly experimental EAP-Type at the moment.
>     # Please give feedback on the mailing list.
>     tls {
>         private_key_password = izadisan
>         private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
>
>         # If Private key & Certificate are located in the
>         # same file, then private_key_file & certificate_file
>         # must contain the same file name.
>         certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
>
>         # Trusted Root CA list
>         CA_file = /usr/local/openssl/ssl/certs/ca/ca.crt
>
>         dh_file = /usr/local/openssl/ssl/certs/dh
>         random_file = /usr/local/openssl/ssl/certs/random
>         #
>         # This can never exceed MAX_RADIUS_LEN (4096)
>         # preferably half the MAX_RADIUS_LEN, to
>         # accommodate other attributes in RADIUS packet.
>         # On most APs the MAX packet length is configured
>         # between 1500 - 1600. In these cases, fragment
>         # size should be <= 1024.
>         #
>         fragment_size = 600
>
>         # include_length is a flag which is by default set to yes
>         # If set to yes, Total Length of the message is included
>         # in EVERY packet we send.
>         # If set to no, Total Length of the message is included
>         # ONLY in the First packet of a fragment series.
>         #
>         include_length = yes
>     }
> }
> ------------------------------
>
> What changes do I need to use TTLS?
>
> Thanks in advance Lionel!!!!!!!
>
> José Luis Solano
> SGI - Soluciones Globales Internet S.A.
> Delegación Regional Sur
> [EMAIL PROTECTED]
> (+34) 954.088.060
>
> ----- Original Message -----
> From: "Lionel Gavage" <[EMAIL PROTECTED]>
> To: "freeradius-users" <[EMAIL PROTECTED]>
> Sent: Monday, February 09, 2004 4:23 PM
> Subject: Freeradius PEAP Problems
>
> > Hi,
> >
> > I use FreeRadius snapshot 20040129 with EAP/TLS EAP/TTLS and EAP/PEAP.
> > I try to set up PEAP/MS-CHAPv2 but I have the error "rlm_mschap: We require a
> > User-Name for MS-CHAPv2".
> > However, I am sending a login/pass correctly. I use Aegis Client under Windows XP.
> >
> > Extract of the log:
> >
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > modcall: entering group authenticate for request 6
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/mschapv2
> > rlm_eap: processing type mschapv2
> > modcall: entering group Auth-Type for request 6
> > rlm_mschap: We require a User-Name for MS-CHAPv2
> > modcall[authenticate]: module "mschap" returns invalid for request 6
> > modcall: group Auth-Type returns invalid for request 6
> > rlm_eap: Freeing handler
> > modcall[authenticate]: module "eap" returns reject for request 6
> > modcall: group authenticate returns reject for request 6
> > auth: Failed to validate the user.
> > PEAP: Got tunneled reply RADIUS code 3
> >     EAP-Message = 0x04080004
> >     Message-Authenticator = 0x00000000000000000000000000000000
> > PEAP: Tunneled authentication was rejected.
> > rlm_eap_peap: FAILURE
> > modcall[authenticate]: module "eap" returns handled for request 6
> > modcall: group authenticate returns handled for request 6
> > Sending Access-Challenge of id 179 to 139.165.212.248:21648
> >     EAP-Message = 0x0109004819001703010018ac414f6ecefb1195938be450e38551daade29cc502427c8d17030100200deeb0441302502f9721238326439a05db8a1f2e0974378092c076a44c9297b4
> >     Message-Authenticator = 0x00000000000000000000000000000000
> >     State = 0x13eb44c46fbe30f082eaf7522f3c315e
> > Finished request 6
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 139.165.212.248:21648, id=180, length=168
> >     User-Name = "lga"
> >     Framed-MTU = 1400
> >     Called-Station-Id = "000c.304f.75da"
> >     Calling-Station-Id = "000c.3052.9812"
> >     Message-Authenticator = 0x9f589078de1b5fe1cd17051ba032b42f
> >     EAP-Message = 0x0209002b19001703010020cd5ff5c0835b2f6cf5ae3109a04b77c096854a1ed328bb820781ea790d6c1f6a
> >     NAS-Port-Type = Wireless-802.11
> >     NAS-Port = 314
> >     State = 0x13eb44c46fbe30f082eaf7522f3c315e
> >     Service-Type = Framed-User
> >     NAS-IP-Address = 139.165.212.248
> > modcall: entering group authorize for request 7
> > modcall[authorize]: module "preprocess" returns ok for request 7
> > modcall[authorize]: module "chap" returns noop for request 7
> > modcall[authorize]: module "mschap" returns noop for request 7
> > rlm_realm: No '@' in User-Name = "lga", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 7
> > rlm_eap: EAP packet type response id 9 length 43
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 7
> > users: Matched lga at 54
> > modcall[authorize]: module "files" returns ok for request 7
> > modcall: group authorize returns updated for request 7
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > modcall: entering group authenticate for request 7
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > eaptls_verify returned 7
> > rlm_eap_tls: Done initial handshake
> > eaptls_process returned 7
> > rlm_eap_peap: EAPTLS_OK
> > rlm_eap_peap: Session established. Proceeding to decode tunneled attributes.
> > rlm_eap_peap: Received EAP-TLV response.
> > rlm_eap_peap: Tunneled data is valid.
> > rlm_eap_peap: Had sent TLV failure, rejecting.
> > rlm_eap: Handler failed in EAP/peap
> > rlm_eap: Failed in EAP select
> > modcall[authenticate]: module "eap" returns invalid for request 7
> > modcall: group authenticate returns invalid for request 7
> > auth: Failed to validate the user.
> > Delaying request 7 for 1 seconds
> > Finished request 7
> > Going to the next request
> > Waking up in 6 seconds...
> >
> > Hoping that you can help me ...
> >
> > Lionel Gavage
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
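
For the eap { } block at the top of this message, a small consistency check, added here as an example and not part of the original thread or of FreeRADIUS. It assumes that every type named by a default_eap_type (the outer one in eap { } and the inner one in ttls { } or peap { }) needs its own uncommented sub-section; the parser is simplified, and the names parse and check_eap are hypothetical.

```python
# Constructed sample mirroring the structure of the eap{} block posted above.
SAMPLE = """
eap {
    default_eap_type = tls
    #md5 {
    #}
    tls {
        fragment_size = 600
    }
    ttls {
        default_eap_type = md5
    }
}
"""

def parse(text):
    """Parse 'name {' / '}' / 'key = value' lines into nested dicts ('#' = comment)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        else:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root

def check_eap(conf):
    """List default_eap_type values that name no enabled sub-section of eap{}."""
    # Assumption: a type is usable (outer or tunneled) only if its section is enabled.
    eap = conf.get("eap", {})
    enabled = {k for k, v in eap.items() if isinstance(v, dict)}
    findings = []
    for name, section in [("eap", eap)] + [(t, eap[t]) for t in ("ttls", "peap") if t in enabled]:
        wanted = section.get("default_eap_type")
        if wanted is not None and wanted not in enabled:
            findings.append(f"{name}: default_eap_type '{wanted}' has no enabled sub-section")
    return findings
```

Calling check_eap(parse(SAMPLE)) reports the ttls inner type md5, because the md5 { } section is commented out; with that section uncommented the list is empty.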