I was really using an OLD version, just installed with yum on CentOS 5.03 and that package came. I removed it completely and installed the last one from freeradius.org (2.1.6). Put it to run and I still cannot authenticate... The log now ir REALLY BIG (1553 lines!), so I think it won't fit here. I read through it and I think that the fail is on EAP, but I can't figure out what it is... Here is a portion of the log, cut a little bit above where the errors begin
+- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "host/Bruna-PC", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 72 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for host/Bruna-PC with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 8 to 192.168.10.40 port 1626 EAP-Message = 0x0109002b19001703010020b13527dc7f67c4b029ac51c3a63ac74c2cf96da9f5dc022a07f84c96ed08063d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x20f14f3328f8565a13796ff2a63166b8 Finished request 18. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.10.40 port 1626, id=9, length=239 Message-Authenticator = 0x56f28528e049d66735949a71133271a4 Service-Type = Framed-User User-Name = "host/Bruna-PC" Framed-MTU = 1488 State = 0x20f14f3328f8565a13796ff2a63166b8 Called-Station-Id = "00-1D-7E-5F-DF-AB:Metasys-Desktop" Calling-Station-Id = "00-16-44-DA-54-89" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0209002b19001703010020fe1720018ad5ed26df018427f1605ab89c44772ce85d4b561e2f79175ef1727e NAS-IP-Address = 192.168.10.40 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/Bruna-PC", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> host/Bruna-PC attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 19 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 19 Sending Access-Reject of id 9 to 192.168.10.40 port 1626 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.8 seconds. Cleaning up request 10 ID 0 with timestamp +115 Cleaning up request 11 ID 1 with timestamp +115 Cleaning up request 12 ID 2 with timestamp +115 Cleaning up request 13 ID 3 with timestamp +115 Cleaning up request 14 ID 4 with timestamp +115 Cleaning up request 15 ID 5 with timestamp +115 Cleaning up request 16 ID 6 with timestamp +115 Cleaning up request 17 ID 7 with timestamp +115 Cleaning up request 18 ID 8 with timestamp +115 Waking up in 1.0 seconds. Cleaning up request 19 ID 9 with timestamp +115 Ready to process requests. These two lines caught my eye: [eap] Handler failed in EAP/peap [eap] Failed in EAP select But I don't know how to fix. I've played with the configs on eap.conf but I was unsuccessful. Everything, except for ipaddr and port on radiusd.conf was left untouched initially. I tried to use the "NT_domain_hack" from the mschap config but it was no good too... Thanks for any help! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html