This message is for Alan DeKok.  Thank you for responding to my email.  I do not necessarily know how to implement mschap; it is actually "Secured password (EAP-MSCHAP v2)" on the Orinoco gold card.  The only thing I have set up in FreeRADIUS that works is LEAP so far.  Let's start from the beginning:  I downloaded freeradius 0.9.3 and "unzipped" it.  After installation, I went to /usr/local/etc/raddb/ and from there put my changes into the files to implement leap and mschap.  In radiusd.conf I edited the default_eap_type to mschap (perhaps this does not matter now that it seems eap and chap are not the same after reading your email).  In users I put in the user name and password. In clients, I entered the access point IP address and the key.  This is all that I have done.  If I set the default_eap_type in radiusd.conf to leap or md5, leap will work with a Cisco client card.

 

When trying to implement mschap, I am using an Orinoco gold card that offers to use peap then secured password (EAP-MSCHAP v2) within peap. This also appears to give me the opportunity to avoid using a certificate.  The Orinoco gold card then offers me a logon using username and password and domain.  I use the username and password only.  This is when the radius server returns the message I will again send below.

 

  Nothing to do.  Sleeping until we see a request.

rad_recv: Access-Request packet from host 172.16.30.165:1645, id=8, length=123

        User-Name = "Joe"

        Framed-MTU = 1400

        Called-Station-Id = "000d.bdda.b379"

        Calling-Station-Id = "0002.2d5e.d7a4"

        Message-Authenticator = 0x59f628e88f1fbb34059861e921e58a5d

        EAP-Message = 0x0202000d017363687565747a62

        NAS-Port-Type = Virtual

        NAS-Port = 353

        NAS-IP-Address = 172.16.30.165

        NAS-Identifier = "ap"

modcall: entering group authorize for request 0

  modcall[authorize]: module "preprocess" returns ok for request 0

  modcall[authorize]: module "chap" returns noop for request 0

  rlm_eap: EAP packet type notification id 2 length 13

  rlm_eap: EAP Start not found

  modcall[authorize]: module "eap" returns updated for request 0

    rlm_realm: No '@' in User-Name = "joe", looking up realm NULL

    rlm_realm: No such realm "NULL"

  modcall[authorize]: module "suffix" returns noop for request 0

    users: Matched joe at 74

  modcall[authorize]: module "files" returns ok for request 0

  modcall[authorize]: module "mschap" returns noop for request 0

modcall: group authorize returns updated for request 0

  rad_check_password:  Found Auth-Type EAP

auth: type "EAP"

modcall: entering group authenticate for request 0

  rlm_eap: EAP packet type notification id 2 length 13

  rlm_eap: EAP Start not found

rlm_eap: Configured  EAP_TYPE is not supported

  rlm_eap: EAP Identity

rlm_eap: Unsupported EAP_TYPE 1

  modcall[authenticate]: module "eap" returns invalid for request 0

modcall: group authenticate returns invalid for request 0

auth: Failed to validate the user.

Delaying request 0 for 1 seconds

Finished request 0

Going to the next request

--- Walking the entire request list ---

Waking up in 1 seconds...

--- Walking the entire request list ---

Waking up in 1 seconds...

--- Walking the entire request list ---

Sending Access-Reject of id 8 to 172.16.30.165:1645

        EAP-Message = 0x04020004

        Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 4 seconds...

--- Walking the entire request list ---

Cleaning up request 0 ID 8 with timestamp 40562aa3

Nothing to do.  Sleeping until we see a request.

 

 

Thanks,

Brian
