Hi, I discovered where was the error: I was also limiting the users that can access at the database using the field "NAS-Identifier". That field was copied in the internal tunnell using "copy_request_to_tunnel = yes" in ttls, but not in PEAP.
========================================== To the developer: ========================================== Please document the option "copy_request_to_tunnel" in the peap module in eap.conf. I see it is supported but not documented as in the ttls module. Thanks. ========================================== > What kind of password have you stored in your db? > Alseo the "upper" part of debug info is relevant. Could you post it? > Yuri > > > On 10/25/05, Fabio <[EMAIL PROTECTED]> wrote: > > > > Hi, > > I am trying to use MySQL to autenticate users of a wireless network, using > > EAP-TTLS-PAP or PEAP-MS-CHAPv2. > > > > I use the following users file: > > > > user1 User-Password == "user1" > > DEFAULT Suffix == "@mydomain.org <http://mydomain.org>", Autz-Type := SQL > > > > while I have the following user in radcheck in MySQL > > > > mysql> select * from radcheck; > > +----+----------+---------------+----+-------+ > > | id | UserName | Attribute | op | Value | > > +----+----------+---------------+----+-------+ > > | 11 | sql1 | User-Password | == | sql1 | > > +----+----------+---------------+----+-------+ > > 1 row in set (0.00 sec) > > > > Logging with the user "user1" work fo both TTLS-PAP and PEAP-MS-CHAP-V2 > > (Tested with wpa_supplicant (both TTLS and PEAP) and MS Windows XP (PEAP)). > > > > When i try to authenticate as the user sql1 (which is in the MySQL DB), > > works for TTLS-PAP but doesn't work with PEAP. Seems that inside the file > > "users" are handled both PAP and MS-CHAPv2 password, while with MySQL I can > > use only PAP. > > > > The relevant part of the log with radiusd -X is provided below. > > > > Thanks to anyone helping with this. > > > > > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 8 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > eaptls_verify returned 7 > > rlm_eap_tls: Done initial handshake > > eaptls_process returned 7 > > rlm_eap_peap: EAPTLS_OK > > rlm_eap_peap: Session established. Decoding tunneled attributes. > > rlm_eap_peap: Received EAP-TLV response. > > rlm_eap_peap: Tunneled data is valid. > > rlm_eap_peap: Had sent TLV failure, rejecting. > > rlm_eap: Handler failed in EAP/peap > > rlm_eap: Failed in EAP select > > modcall[authenticate]: module "eap" returns invalid for request 8 > > modcall: group authenticate returns invalid for request 8 > > auth: Failed to validate the user. > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > -- > Yuri Francalacci > [EMAIL PROTECTED] > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html