I just got it.  You were right Willy, but you were in the wrong section.
In the authenticate section I had to uncomment the MSCHAP section.  I
also uncommented the LDAP in the authentication section as well.  It
works fine now.  Thanks for all the help.

Nathan

On Thu, 2004-08-05 at 10:11, Willey Kurt D wrote:
> The reason it failed is farther up the debug... read the whole output.
> "rlm_eap_peap:  Had sent TLV failure, rejecting"
> 
> 
> -----Original Message-----
> From: Nathan Blackham [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 05, 2004 10:57 AM
> To: [EMAIL PROTECTED]
> Subject: RE: PEAP-MSCHAPv2 and LDAP backend
> 
> I tried just editing the ldap settings and it pulls out the password and
> the hash is exactly the same but it still rejects the user.  This is
> from the debug:
> 
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for nhb5
> radius_xlat:  '(uid=nhb5)'
> radius_xlat:  '<PROTECTED>'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in <PROTECTED> with filter (uid=nhb5)
> rlm_ldap: Added password EAC65B528A048695B20A771229A76215 in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21
> rlm_ldap: Adding ntPassword as NT-Password, value EAC65B528A048695B20A771229A76215 & op=21
> rlm_ldap: Adding lmPassword as LM-Password, value E4262816C09038B4C81667E9D738C5D9 & op=21
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user nhb5 authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 7
>   rlm_eap: EAP packet type response id 9 length 38
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 7
> modcall: group authorize returns updated for request 7
>   rad_check_password:  Found Auth-Type LDAP
>   rad_check_password:  Found Auth-Type EAP
> Warning:  Found 2 auth-types on request for user 'nhb5'
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 7
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: Received EAP-TLV response.
>   rlm_eap_peap: Tunneled data is valid.
>   rlm_eap_peap:  Had sent TLV failure, rejecting.
>  rlm_eap: Handler failed in EAP/peap
>   rlm_eap: Failed in EAP select
>   modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: group authenticate returns invalid for request 7
> 
> 
> On Thu, 2004-08-05 at 09:52, Willey Kurt D wrote:
> > You don't have to edit stuff out of the config... it normally just
> > breaks stuff. Just edit your ldap settings, uncomment the ldap
> > authen/authorize, and you should be ready to rock.
> > 
> > -----Original Message-----
> > From: Nathan Blackham [mailto:[EMAIL PROTECTED] 
> > Sent: Thursday, August 05, 2004 10:48 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: PEAP-MSCHAPv2 and LDAP backend
> > 
> > I tried putting mschap back into the authorize section and it still
> > did not work.  I had it working against the users file but I want it to
> > authenticate against the LDAP.
> > 
> > Nathan
> > 
> > On Wed, 2004-08-04 at 18:02, Paul Bender wrote:
> > > Nathan Blackham wrote:
> > > > I am using FreeRadius1.0.0Pre3.
> > > > I am having a problem trying to get my user to authenticate.  It seems
> > > > as though everything is working right but the user is not being
> > > > authenticated.  The debug shows that the password is the same as the
> > > > ntpassword from the LDAP server but it is not working.  Here is a
> > > > portion of the debug log file:
> > > > 
> > > > modcall: group authorize returns updated for request 6
> > > >   rad_check_password:  Found Auth-Type LDAP
> > > >   rad_check_password:  Found Auth-Type EAP
> > > > Warning:  Found 2 auth-types on request for user 'nhb5'
> > > > auth: type "EAP"
> > > >   Processing the authenticate section of radiusd.conf
> > > > modcall: entering group authenticate for request 6
> > > >   rlm_eap: Request found, released from the list
> > > >   rlm_eap: EAP/mschapv2
> > > >   rlm_eap: processing type mschapv2
> > > >   ERROR: Unknown value specified for Auth-Type.  Cannot perform
> > > 
> > > > authenticate {
> > > >         eap
> > > > }
> > > 
> > > You appear to be missing MS-CHAP as an authentication type.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
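
The advice in the thread is to read the whole debug output instead of only its last lines. The following Python script is an added example, not code from the thread or from the FreeRADIUS project: it scans pasted debug output, mail quoting included, and lists every failure indicator in log order, grouped by request number. The function names and hint texts are this example's own, and the sample lines are excerpted from the debug output quoted above.

```python
import re

# Failure indicators, limited to messages that appear in the debug output
# quoted in this thread. The hint texts are this example's own wording.
INDICATORS = [
    (re.compile(r"Found (\d+) auth-types"), "more than one Auth-Type was set during authorize"),
    (re.compile(r"Unknown value specified for Auth-Type"), "Auth-Type has no entry in the authenticate section"),
    (re.compile(r"Had sent TLV failure"), "a failure TLV was already sent earlier; read the earlier requests"),
    (re.compile(r'module "(\w+)" returns (invalid|reject|fail)\b'), "module returned a failure code"),
]
REQUEST = re.compile(r"for request (\d+)")
QUOTE = re.compile(r"^(?:>\s?)+")  # mail quoting in front of pasted log lines

# Sample input: lines excerpted from the debug output quoted in this thread.
SAMPLE = '''\
> > > > modcall: group authorize returns updated for request 6
> > > >   rad_check_password:  Found Auth-Type LDAP
> > > >   rad_check_password:  Found Auth-Type EAP
> > > > Warning:  Found 2 auth-types on request for user 'nhb5'
> > > >   ERROR: Unknown value specified for Auth-Type.  Cannot perform
> modcall: entering group authenticate for request 7
>   rlm_eap_peap:  Had sent TLV failure, rejecting.
>   modcall[authenticate]: module "eap" returns invalid for request 7
'''

def triage(debug_text):
    """Return findings as (line_no, request, hint, text), in log order."""
    findings, request = [], None
    for line_no, raw in enumerate(debug_text.splitlines(), 1):
        line = QUOTE.sub("", raw).strip()
        m = REQUEST.search(line)
        if m:  # lines without a request number belong to the last one seen
            request = int(m.group(1))
        for pattern, hint in INDICATORS:
            if pattern.search(line):
                findings.append((line_no, request, hint, line))
                break
    return findings

def first_per_request(findings):
    """Earliest finding for each request, i.e. where to start reading."""
    first = {}
    for finding in findings:
        first.setdefault(finding[1], finding)
    return first

if __name__ == "__main__":
    for line_no, request, hint, text in triage(SAMPLE):
        print(f"line {line_no} request {request}: {hint}\n    {text}")
```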
