Thank's for the answer Ivan. I have tried now both with or without encryption
Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes unfortunately the result is still the same Found Auth-Type = EAP +- entering group authenticate {....} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 rlm_eap_mschapv2: Invalid response type 4 [eap] Handler failed in EAP/mschapv2 [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Does it make sense to enable the encryption for mschap since the eap tunnel (as far I have understood) is the whole way from the client to the radius server. ________________________________ Von: Ivan Kalik <t...@kalik.net> An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Gesendet: Donnerstag, den 17. September 2009, 16:55:33 Uhr Betreff: Re: Authentication with eap/mschapv2 > I would like to authenticate my Windows XP wireless users with freeradius > against a AD. Test with the local ntlm_auth against the AD worked fine as > well radtest with a local user in the users file. > > I have read in the archive that "Code 4 is MS-CHAP failure. It means > that the client told the server > it didn't like the previous packet" > > But I have no idea what the server does not like. > mschap { > use_mppe = no > require_encryption = yes You have disabled MPPE (Microsoft Point-to-Point Encryption) yet you require encryption. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html