Hi, This is what I get. ---------- [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for usern...@domain.xx with NT-Password [mschap] expand: %{Stripped-User-Name} -> username [mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=username [mschap] No NT-Domain was found in the User-Name. [mschap] expand: %{mschap:NT-Domain} -> [mschap] expand: --domain=%{%{mschap:NT-Domain}:-DOMAIN.XX} -> --domain=LNU.SE [mschap] mschap2: 67 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=756cc36d609e7393 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=29dbc4dc525dd28cac668e57a0d85803996301a054d782fb Exec-Program output: NT_KEY: A67F6D31D2596CD536AD173AE3DBD480 Exec-Program-Wait: plaintext: NT_KEY: A67F6D31D2596CD536AD173AE3DBD480 Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success -----------
I'm using WPA2-enterprise (tried WPA-ent to) I've tried both PEAP/MSCHAPv2 and EAP-TTLS/MSCHAPv2 and the CA-cert is used on the client. On 2010-04-26 15:37, Alan Buxey wrote: > Hi, > >> Info: ++[mschap] returns ok >> Debug: MSCHAP Success >> ---- >> So i assume that the auth. against AD is OK > > not if you havent done the EAP inner-tunnel stuff yet - unless you mean > basic authorize has completed. > >> but then the inner tunnel does something.... > > well, it tries to > >> Mon Apr 26 12:32:15 2010 : Info: [peap] Got tunneled Access-Challenge >> Mon Apr 26 12:32:15 2010 : Info: ++[eap] returns handled >> Sending Access-Challenge of id 0 to 194.47.88.154 port 2051 >> EAP-Message = >> 0x0107005b19001703010050154c3b195ed5a3fa88fd21477529cf86ee7d1d98cf8eb918036ac8aa14cd6f8c66a1836e9ab27087ad7df766d20447dbce1247b6a9ccf6b4376d854978db210db60f9b3578592123a4c5d43a205e8f79 >> Message-Authenticator = 0x00000000000000000000000000000000 >> State = 0x3b975d133d90441898602b7c0076958a > > it sends a challenge back to the NAS/AP - but nothign else is happening..... > so, either the NAS or the client. how have you got the AP set up? 802.1X or > WPA-Enterprise? how is the client configured? to use PEAP/MSCHAPv2 or > EAP-TTLS/MSCHAPv2? > got the required certificate installed on the client? > > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Aniss Nazerian, IT-Department, Linnaeus University Phone: +46-470-708183, E-mail:aniss.nazer...@vxu.se O< ascii ribbon campaign - stop html mail - www.asciiribbon.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html