update: not working again. 4 or 5 requests were working, now it is the same problem again.
stopping at the access-challenge.. -euro On Thu, Apr 8, 2010 at 8:36 AM, mr typo <euroregist...@gmail.com> wrote: > so mschap is working again, but now radius stops processing at sending the > access-challenge to the accesspoint. it should not be a certificate problem, > since the error is happening with all devices (win, mac, mobiles,..). proxy > requests to another radius are working fine. > > andy ideas? > > i am running on freeradius self compiled under centos5 > > update: after a reboot it is working again... any ideas what could have > caused the problem? reboot is not a solution if it happens again. > > -euro > > [mschap] adding MS-CHAPv2 MPPE keys > ++[mschap] returns ok > MSCHAP Success > ++[eap] returns handled > } # server eduroam-inner-tunnel > [peap] Got tunneled reply code 11 > EAP-Message = > 0x010b00331a030a002e533d46313235324136433543373437413137363637363739333345314443413030444330393842343436 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x34d7bc0635dca66007f66a576398301e > [peap] Got tunneled reply RADIUS code 11 > EAP-Message = > 0x010b00331a030a002e533d46313235324136433543373437413137363637363739333345314443413030444330393842343436 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x34d7bc0635dca66007f66a576398301e > [peap] Got tunneled Access-Challenge > ++[eap] returns handled > } # server eduroam > Sending Access-Challenge of id 74 to 10.80.10.150 port 1645 > EAP-Message = > 0x010b005b190017030100505394731e4048fe963007422bc8845a6901f4d04aa5c7f8e3c1bfc8b90a673a8bcde0455548fdfa1613eccb28d130d26caee4ca2fa7780f7f1f6df04625ee7ba950b11c3e610052763cc6cadcf803d7c9 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x193fdf6a1034c6d4fb779767b11c2fbf > Finished request 9. > Going to the next request > Waking up in 1.0 seconds. > Cleaning up request 0 ID 65 with timestamp +7 > > > > On Wed, Apr 7, 2010 at 9:31 AM, mr typo <euroregist...@gmail.com> wrote: > >> hello, >> >> i have added the with_nt_domain_hack in the mschapv2 section of eap.conf >> >> mschapv2 { >> with_ntdomain_hack = yes >> } >> >> >> with this change i am getting the following in debug log: >> [eap] processing type mschapv2 >> [mschapv2] +- entering group MS-CHAP {...} >> [mschap] Told to do MS-CHAPv2 for asart...@fh-salzburg.ac.at with >> NT-Password >> [mschap] expand: --username=%{Stripped-User-Name} -> --username=asartori >> [mschap] mschap2: f9 >> [mschap] expand: --challenge=%{mschap:Challenge} -> >> --challenge=f06598f7d3c7a32d >> [mschap] expand: --nt-response=%{mschap:NT-Response} -> >> --nt-response=eee56e2489411d6d778ab1a40cee629b6abce82769c1c1d1 >> Exec-Program output: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB >> Exec-Program-Wait: plaintext: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB >> Exec-Program: returned: 0 >> [mschap] adding MS-CHAPv2 MPPE keys >> ++[mschap] returns ok >> MSCHAP Success >> ++[eap] returns handled >> >> but i never receive a access-accept. from my understanding it should work? >> >> the complete debug log is at: >> https://overlord.fh-salzburg.ac.at/~asartori/debug.txt >> >> i hope someone can help! >> >> kind regards >> >> -euro >> >> On Tue, Apr 6, 2010 at 8:02 PM, mr typo <euroregist...@gmail.com> wrote: >> >>> ill try that. it is just strange that it worked until now.. >>> >>> in the module mschap i am doing a ntlm_auth request. that is how the >>> authenticate sections looks like now. >>> >>> authenticate { >>> Auth-Type MS-CHAP { >>> mschap >>> } >>> eap >>> } >>> >>> so i configure ntlm_auth from the modules and put the directive ntlm_auth >>> just before "Auth-Type MS-CHAP"? >>> >>> ill try that tomorrow, right now i have no chance to test it out. >>> >>> regards >>> >>> -euro >>> >>> On Tue, Apr 6, 2010 at 5:20 PM, Alan DeKok <al...@deployingradius.com>wrote: >>> >>>> mr typo wrote: >>>> > [mschap] Told to do MS-CHAPv2 for asart...@fh-salzburg.ac.at >>>> > <mailto:asart...@fh-salzburg.ac.at> with NT-Password >>>> > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. >>>> >>>> You forced MS-CHAP (i.e. non-ntlm_auth) authentication in FreeRADIUS. >>>> Fix that. >>>> >>>> Alan DeKok. >>>> - >>>> List info/subscribe/unsubscribe? See >>>> http://www.freeradius.org/list/users.html >>>> >>> >>> >> >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html