Hi again and sorry if I ask you a lot!!

If you want to send me your radiusd.conf, it will be "très bien" for me. So,
please send me your file if it's possible.


À tout!!



José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060
----- Original Message -----
From: "Lionel Gavage" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 09, 2004 5:31 PM
Subject: RE: Freeradius PEAP Problems


> Hi José,
>
> I use a freeradius snapshot because TTLS isn't in rpm package.
> You must have the TLS module to use TTLS module.
>
> The directive "default_eap_type" (in EAP module) must be fixed at "tls". It's right.
> And the "default_eap_type" (in TTLS module) to "md5". It's right too.
>
> I can send my config file to you if you want.
>
> Lionel Gavage
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On behalf of José Luis Solano
> Sent: Monday, 9 February 2004 17:32
> To: [EMAIL PROTECTED]
> Subject: Re: Freeradius PEAP Problems
>
>
>
> Sorry Lionel!!! Another question.
>
> I have changed my radiusd.conf and I have activated the TTLS module. But
> now, there are two modules activated, is it a problem?
>
>
>         eap {
>                 default_eap_type = tls    # !!!!!!!!!!
>                 timer_expire     = 60
>
>                 #md5 {
>                 #}
>
>                 tls {
>                         private_key_password = izadisan
>                         private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
>                         certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
>                         CA_file = /usr/local/openssl/ssl/certs/ca/ca.crt
>                         dh_file = /usr/local/openssl/ssl/certs/dh
>                         random_file = /usr/local/openssl/ssl/certs/random
>                         fragment_size = 600
>                         include_length = yes
>                 }
>
>                 ttls {
>                         default_eap_type = md5    # !!!!!!!!!!
>                         use_tunneled_reply = no
>                 }
>         }
>
> is it correct????
>
> My freeRADIUS is 0.8.1. Does TTLS run with this version?
> Is md5 the only possible value for "default_eap_type"?
>
>
>
> Thanks again Lionel!!!!
>
>
>
>
> José Luis Solano
> SGI - Soluciones Globales Internet S.A.
> Delegación Regional Sur
> [EMAIL PROTECTED]
> (+34) 954.088.060
> ----- Original Message -----
> From: "Lionel Gavage" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, February 09, 2004 4:59 PM
> Subject: RE: Freeradius PEAP Problems
>
>
> >
> > Activated the TTLS module:
> >
> > ttls {
> >         default_eap_type = md5
> >         use_tunneled_reply = no
> > }
> >
> > and it's all.
> >
> >
> > Lionel Gavage
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On behalf of José Luis Solano
> > Sent: Monday, 9 February 2004 17:03
> > To: [EMAIL PROTECTED]
> > Subject: Re: Freeradius PEAP Problems
> >
> >
> > Hi Lionel!!!!!!!!!!!!!!
> >
> >
> > I would need your help because I use EAP-TLS, EAP-TTLS and PEAP. The first
> > one, TLS, runs OK, but TTLS and PEAP don't run OK. My first target now is to
> > run TTLS, and I will run PEAP after. So, can you help me please? Currently, my
> > radiusd.conf is:
> >
> > --------------------
> >  # Extensible Authentication Protocol
> >         #
> >         #  For all EAP related authentications
> >         eap {
> >                 # Invoke the default supported EAP type when
> >                 # EAP-Identity response is received
> >                 default_eap_type = tls
> >
> >                 # Default expiry time to clean the EAP list,
> >                 # It is maintained to co-relate the
> >                 # EAP-response for each EAP-request sent.
> >                 timer_expire     = 60
> >
> >                 # Supported EAP-types
> >                 #md5 {
> >                 #}
> >
> >                 ## EAP-TLS is highly experimental EAP-Type at the moment.
> >                 #       Please give feedback on the mailing list.
> >                 tls {
> >                         private_key_password = izadisan
> >                         private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
> >
> >                 #       If Private key & Certificate are located in the
> >                 #       same file, then private_key_file & certificate_file
> >                 #       must contain the same file name.
> >                         certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
> >
> >                 #       Trusted Root CA list
> >                         CA_file = /usr/local/openssl/ssl/certs/ca/ca.crt
> >
> >                         dh_file = /usr/local/openssl/ssl/certs/dh
> >                         random_file = /usr/local/openssl/ssl/certs/random
> >                 #
> >                 #       This can never exceed MAX_RADIUS_LEN (4096)
> >                 #       preferably half the MAX_RADIUS_LEN, to
> >                 #       accommodate other attributes in RADIUS packet.
> >                 #       On most APs the MAX packet length is configured
> >                 #       between 1500 - 1600. In these cases, fragment
> >                 #       size should be <= 1024.
> >                 #
> >                         fragment_size = 600
> >
> >                 #       include_length is a flag which is by default set to yes
> >                 #       If set to yes, Total Length of the message is included
> >                 #       in EVERY packet we send.
> >                 #       If set to no, Total Length of the message is included
> >                 #       ONLY in the First packet of a fragment series.
> >                 #
> >                         include_length = yes
> >                 }
> >         }
> > ------------------------------
> >
> > What changes do I need to use TTLS?
> >
> >
> >
> > Thanks in advance Lionel!!!!!!!
> >
> >
> >
> > José Luis Solano
> > SGI - Soluciones Globales Internet S.A.
> > Delegación Regional Sur
> > [EMAIL PROTECTED]
> > (+34) 954.088.060
> > ----- Original Message -----
> > From: "Lionel Gavage" <[EMAIL PROTECTED]>
> > To: "freeradius-users" <[EMAIL PROTECTED]>
> > Sent: Monday, February 09, 2004 4:23 PM
> > Subject: Freeradius PEAP Problems
> >
> >
> > > Hi,
> > >
> > > I use FreeRadius snapshot 20040129 with EAP/TLS, EAP/TTLS and EAP/PEAP.
> > > I try to set up PEAP/MS-CHAPv2 but I've the error "rlm_mschap: We require a
> > > User-Name for MS-CHAPv2".
> > > However, I am sending a login/pass correctly. I use Aegis Client under Windows XP.
> > >
> > > Extract of the log:
> > >
> > >   rad_check_password:  Found Auth-Type EAP
> > > auth: type "EAP"
> > > modcall: entering group authenticate for request 6
> > >   rlm_eap: Request found, released from the list
> > >   rlm_eap: EAP/mschapv2
> > >   rlm_eap: processing type mschapv2
> > > modcall: entering group Auth-Type for request 6
> > > rlm_mschap: We require a User-Name for MS-CHAPv2
> > >   modcall[authenticate]: module "mschap" returns invalid for request 6
> > > modcall: group Auth-Type returns invalid for request 6
> > >   rlm_eap: Freeing handler
> > >   modcall[authenticate]: module "eap" returns reject for request 6
> > > modcall: group authenticate returns reject for request 6
> > > auth: Failed to validate the user.
> > >   PEAP: Got tunneled reply RADIUS code 3
> > >         EAP-Message = 0x04080004
> > >         Message-Authenticator = 0x00000000000000000000000000000000
> > >   PEAP: Tunneled authentication was rejected.
> > >   rlm_eap_peap: FAILURE
> > >   modcall[authenticate]: module "eap" returns handled for request 6
> > > modcall: group authenticate returns handled for request 6
> > > Sending Access-Challenge of id 179 to 139.165.212.248:21648
> > >         EAP-Message = 0x0109004819001703010018ac414f6ecefb1195938be450e38551daade29cc502427c8d17030100200deeb0441302502f9721238326439a05db8a1f2e0974378092c076a44c9297b4
> > >         Message-Authenticator = 0x00000000000000000000000000000000
> > >         State = 0x13eb44c46fbe30f082eaf7522f3c315e
> > > Finished request 6
> > > Going to the next request
> > > Waking up in 6 seconds...
> > > rad_recv: Access-Request packet from host 139.165.212.248:21648, id=180, length=168
> > >         User-Name = "lga"
> > >         Framed-MTU = 1400
> > >         Called-Station-Id = "000c.304f.75da"
> > >         Calling-Station-Id = "000c.3052.9812"
> > >         Message-Authenticator = 0x9f589078de1b5fe1cd17051ba032b42f
> > >         EAP-Message = 0x0209002b19001703010020cd5ff5c0835b2f6cf5ae3109a04b77c096854a1ed328bb820781ea790d6c1f6a
> > >         NAS-Port-Type = Wireless-802.11
> > >         NAS-Port = 314
> > >         State = 0x13eb44c46fbe30f082eaf7522f3c315e
> > >         Service-Type = Framed-User
> > >         NAS-IP-Address = 139.165.212.248
> > > modcall: entering group authorize for request 7
> > >   modcall[authorize]: module "preprocess" returns ok for request 7
> > >   modcall[authorize]: module "chap" returns noop for request 7
> > >   modcall[authorize]: module "mschap" returns noop for request 7
> > >     rlm_realm: No '@' in User-Name = "lga", looking up realm NULL
> > >     rlm_realm: No such realm "NULL"
> > >   modcall[authorize]: module "suffix" returns noop for request 7
> > >   rlm_eap: EAP packet type response id 9 length 43
> > >   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > >   modcall[authorize]: module "eap" returns updated for request 7
> > >     users: Matched lga at 54
> > >   modcall[authorize]: module "files" returns ok for request 7
> > > modcall: group authorize returns updated for request 7
> > >   rad_check_password:  Found Auth-Type EAP
> > > auth: type "EAP"
> > > modcall: entering group authenticate for request 7
> > >   rlm_eap: Request found, released from the list
> > >   rlm_eap: EAP/peap
> > >   rlm_eap: processing type peap
> > >   rlm_eap_peap: Authenticate
> > >   rlm_eap_tls: processing TLS
> > >   eaptls_verify returned 7
> > >   rlm_eap_tls: Done initial handshake
> > >   eaptls_process returned 7
> > >   rlm_eap_peap: EAPTLS_OK
> > >   rlm_eap_peap: Session established.  Proceeding to decode tunneled attributes.
> > >
> > >   rlm_eap_peap: Received EAP-TLV response.
> > >   rlm_eap_peap: Tunneled data is valid.
> > >   rlm_eap_peap:  Had sent TLV failure, rejecting.
> > >  rlm_eap: Handler failed in EAP/peap
> > >   rlm_eap: Failed in EAP select
> > >   modcall[authenticate]: module "eap" returns invalid for request 7
> > > modcall: group authenticate returns invalid for request 7
> > > auth: Failed to validate the user.
> > > Delaying request 7 for 1 seconds
> > > Finished request 7
> > > Going to the next request
> > > Waking up in 6 seconds...
> > >
> > >
> > > By hoping that you can help me ...
> > >
> > >
> > > Lionel Gavage
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
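Added example, not part of the thread and not FreeRADIUS code: a small Python decoder for the three EAP-Message values in the debug log quoted above, using the EAP header layout from RFC 3748 and the flags byte shared by EAP-TLS, EAP-TTLS and PEAP. It shows that the tunneled reply `0x04080004` is an EAP Failure, and that the outer packets are PEAP (type 25) carrying only TLS application-data records, so the inner MS-CHAPv2 exchange is visible only in the server's own debug output. The function and table names are the example's own.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2", 33: "EAP-TLV"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}
TLS_BASED = {13, 21, 25}  # EAP types whose data starts with a flags byte

# EAP-Message values copied from the debug log quoted in the thread
LOG_SAMPLES = {
    "tunneled_reply": "0x04080004",
    "access_challenge": "0x0109004819001703010018ac414f6ecefb1195938be450e38551daade29cc502427c8d17030100200deeb0441302502f9721238326439a05db8a1f2e0974378092c076a44c9297b4",
    "access_request": "0x0209002b19001703010020cd5ff5c0835b2f6cf5ae3109a04b77c096854a1ed328bb820781ea790d6c1f6a",
}

def tls_records(data):
    """Return (content_type, declared_length) for each TLS record header."""
    out, pos = [], 0
    while pos + 5 <= len(data):
        ctype, _version, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        out.append((TLS_CONTENT.get(ctype, ctype), rlen))
        pos += 5 + rlen
    return out

def decode_eap(hexstr):
    """Decode the EAP header, and the TLS framing for TLS-based types."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("an EAP packet is at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        etype = raw[4]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype in TLS_BASED and length > 5:
            flags = raw[5]
            pkt["flags"] = {"L": bool(flags & 0x80), "M": bool(flags & 0x40),
                            "S": bool(flags & 0x20)}
            # L flag set means a 4-byte TLS message length precedes the data
            body = raw[10:] if flags & 0x80 else raw[6:]
            pkt["tls_records"] = tls_records(body)
    return pkt

if __name__ == "__main__":
    for name, value in LOG_SAMPLES.items():
        print(name, decode_eap(value))
```
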