Zoltan A. Ori wrote: > On Sunday 27 November 2005 06:52, Christian Poessinger wrote: >> >> Yes, I'm trying to use PEAP, I have configured MS-CHAPv1 as >> described in many Howtos. >> > > MS-CHAP V2 is in the Howtos of PEAP that I have read. In any case, > there is no mschap info in the tunnel which is indicated in the error > message: > > rlm_eap_peap: Session established. Decoding tunneled attributes. > rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied > TLS Alert read:fatal:access denied > rlm_eap_peap: No data inside of the tunnel. > > The error messages in FreeRADIUS are very informative and always > right on the money in the cases I've experienced. > > At this point, I would check to see what my supplicant was configured > to send and then check my eap.conf to make sure that RADIUS was > configured to receive it.
OK, i redesigned my CA. I haven't done that xpextensions stuff now i don't recieve the error above anymore. But now i get a new one :/ Any new ideas? rlm_ldap: user XXX authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 35 modcall: group authorize returns updated for request 35 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 35 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 35 modcall: group authenticate returns invalid for request 35 auth: Failed to validate the user. Delaying request 35 for 1 seconds Finished request 35 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host xxx.xxx.xxx.109:6001, id=36, length=166 Sending Access-Reject of id 36 to xxx.xxx.xxx.109:6001 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 2 seconds... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html