The reason it failed is farther up the debug... read the whole output. "rlm_eap_peap: Had sent TLV failure, rejecting"
-----Original Message----- From: Nathan Blackham [mailto:[EMAIL PROTECTED] Sent: Thursday, August 05, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: RE: PEAP-MSCHAPv2 and LDAP backend I tried just editing the ldap settings and it pulls out the password and the hash is exactly the same but it still rejects the user. This is from the debug: rlm_ldap: - authorize rlm_ldap: performing user authorization for nhb5 radius_xlat: '(uid=nhb5)' radius_xlat: '<PROTECTED>' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in <PROTECTED> with filter (uid=nhb5) rlm_ldap: Added password EAC65B528A048695B20A771229A76215 in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21 rlm_ldap: Adding ntPassword as NT-Password, value EAC65B528A048695B20A771229A76215 & op=21 rlm_ldap: Adding lmPassword as LM-Password, value E4262816C09038B4C81667E9D738C5D9 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user nhb5 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 7 rlm_eap: EAP packet type response id 9 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type LDAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'nhb5' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: group authenticate returns invalid for request 7 On Thu, 2004-08-05 at 09:52, Willey Kurt D wrote: > You don't have to edit stuff out of the config... it normally just > breaks stuff. Just edit your ldap settings, uncomment the ldap > authen/authorize, and you should be ready to rock. > > -----Original Message----- > From: Nathan Blackham [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 05, 2004 10:48 AM > To: [EMAIL PROTECTED] > Subject: Re: PEAP-MSCHAPv2 and LDAP backend > > I tried putting mschap back into the the authorize section and it still > did not work. I had it working against the users file but I want it to > authenticate against the LDAP. > > Nathan > > On Wed, 2004-08-04 at 18:02, Paul Bender wrote: > > Nathan Blackham wrote: > > > I am using FreeRadius1.0.0Pre3. > > > I am having a problem trying to get my user to authenticate. It > seems > > > as though everything is working right but the user is not being > > > authenticated. The debug shows that the password is the same as the > > > ntpassword from the LDAP server but it is not working. Here is a > > > portion of the debug log file: > > > > > > modcall: group authorize returns updated for request 6 > > > rad_check_password: Found Auth-Type LDAP > > > rad_check_password: Found Auth-Type EAP > > > Warning: Found 2 auth-types on request for user 'nhb5' > > > auth: type "EAP" > > > Processing the authenticate section of radiusd.conf > > > modcall: entering group authenticate for request 6 > > > rlm_eap: Request found, released from the list > > > rlm_eap: EAP/mschapv2 > > > rlm_eap: processing type mschapv2 > > > ERROR: Unknown value specified for Auth-Type. Cannot perform > > > > > authenticate { > > > eap > > > } > > > > You appear to be missing MS-CHAP as an authentication type. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html