Thank's for the answer Ivan.
I have tried now both with or without encryption
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
unfortunately the result is still the same
Found Auth-Type = EAP
+- entering group authenticate {....}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
rlm_eap_mschapv2: Invalid response type 4
[eap] Handler failed in EAP/mschapv2
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Does it make sense to enable the encryption for mschap since the eap tunnel (as
far I have understood) is the whole way from the client to the radius server.
________________________________
Von: Ivan Kalik <t...@kalik.net>
An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Gesendet: Donnerstag, den 17. September 2009, 16:55:33 Uhr
Betreff: Re: Authentication with eap/mschapv2
> I would like to authenticate my Windows XP wireless users with freeradius
> against a AD. Test with the local ntlm_auth against the AD worked fine as
> well radtest with a local user in the users file.
>
> I have read in the archive that "Code 4 is MS-CHAP failure. It means
> that the client told the server
> it didn't like the previous packet"
>
> But I have no idea what the server does not like.
> mschap {
> use_mppe = no
> require_encryption = yes
You have disabled MPPE (Microsoft Point-to-Point Encryption) yet you
require encryption.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
