Here is the log for it without auto header. Regards,
-Nathan ++- elsif (outer.NAS-IP-Address == 132.205.198.43) returns ok ... ++skipping elsif for request 30: Preceding "if" was taken ... skipping ++elsif for request 30: Preceding "if" was taken [expiration] returns ++noop [logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for nmcdavit with NT-Password [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. Login incorrect: [nmcdavit] (from client wireless-lwapp-bench-wlc port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 55 to 132.205.198.43 port 32770 EAP-Message = 0x010a002b190017030100207df23a230dcaee583fabd44fedb5cc15e276675fa5d9a5ad2720 eb869a812361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1e032ffe160936d2d9627494ce41a8f0 Finished request 30. Going to the next request Waking up in 4.4 seconds. rad_recv: Access-Request packet from host 132.205.198.43 port 32770, id=56, length=233 User-Name = "nmcdavit" Calling-Station-Id = "00-26-08-E8-67-42" Called-Station-Id = "00-24-97-F2-89-40:ConcordiaPEAP" NAS-Port = 5 NAS-IP-Address = 132.205.198.43 NAS-Identifier = "bench-wlc" Airespace-Wlan-Id = 10 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "268" EAP-Message = 0x020a002b19001703010020ebc4657c1bed6e0a992ffc4f1dd2ca5ede4739fd6dd2d73825bb 6feb5cdd96ab State = 0x1e032ffe160936d2d9627494ce41a8f0 Message-Authenticator = 0xf0b7d88f63be8bdd1b466c976efdf519 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "nmcdavit", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [nmcdavit] (from client wireless-lwapp-bench-wlc port 5 cli 00-26-08-E8-67-42) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> nmcdavit attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated > -----Original Message----- > From: freeradius-users- > bounces+nmcdavit=alcor.concordia...@lists.freeradius.org > [mailto:freeradius-users- > bounces+nmcdavit=alcor.concordia...@lists.freeradius.org] On Behalf Of > Nathan McDavit-Van Fleet > Sent: Wednesday, April 14, 2010 4:16 PM > To: 'FreeRadius users mailing list' > Subject: RE: Freeradius With EAP-TTLS-LDAP and EAP-PEAP-AD > > Hi, I did in fact have that enabled. > > Should I have it disabled or enabled? > > > > > -----Original Message----- > > From: freeradius-users- > > bounces+nmcdavit=alcor.concordia...@lists.freeradius.org > > [mailto:freeradius-users- > > bounces+nmcdavit=alcor.concordia...@lists.freeradius.org] On Behalf > Of > > Alan Buxey > > Sent: Wednesday, April 14, 2010 3:00 PM > > To: FreeRadius users mailing list > > Subject: Re: Freeradius With EAP-TTLS-LDAP and EAP-PEAP-AD > > > > hi, > > > > the error is seen with near bottom > > > > [mschapv2] +- entering group MS-CHAP {...} > > [mschap] No Cleartext-Password configured. Cannot create LM- > Password. > > [mschap] No Cleartext-Password configured. Cannot create NT- > Password. > > [mschap] Told to do MS-CHAPv2 for username with NT-Password > > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. > > [mschap] FAILED: MS-CHAP2-Response is incorrect > > > > > > have you got ...i dunno... 'auto_header = yes' in your pap module? > > > > alan > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html