hey
Alan, Is your last name Dekok for a reason?
leap works, mschap does not
Alan DeKok No, it is NOT the same thing again. I have read ALL replies and you have not responded until NOW, therefore your assumption is WRONG. I gave you more information. LOOK AGAIN. I do not appreciate your tone in your email - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
leap works, mschap does not
I do not necessarily know how to implement mschap, it is actually (Secured password (EAP-MSCHAP v2) on the Orinoco gold card. The only thing I have set up in free radius that works is LEAP so far. Lets start from the beginning: I downloaded freeradius 0.9.3 and “unzipped” it. After installation, I went to /usr/local/etc/raddb/ and from there put in my changes in files to implement leap and mschap. In radiusd.conf I edited the default_eap_type to mschap (perhaps this does not matter now that it seems eap and chap are not the same after reading your email). In users I put in the user name and password. In clients, I entered the access point ip address and the key. This is all that I have done. If I set the default_eap_type in radiusd.conf to leap or md5, leap will work with a cisco client card. When trying to implement mschap, I am using an Orinoco gold card that offers to use peap then secured password (EAP-MSCHAP v2) within peap. This also appears to give me the opportunity to avoid using a certificate. The Orinoco gold card then offers me a logon using username and password and domain. I use the username and password only. This is when the radius server returns the message I will again send below. Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.16.30.165:1645, id=8, length=123 User-Name = "Joe" Framed-MTU = 1400 Called-Station-Id = "000d.bdda.b379" Calling-Station-Id = "0002.2d5e.d7a4" Message-Authenticator = 0x59f628e88f1fbb34059861e921e58a5d EAP-Message = 0x0202000d017363687565747a62 NAS-Port-Type = Virtual NAS-Port = 353 NAS-IP-Address = 172.16.30.165 NAS-Identifier = "ap" modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_eap: EAP packet type notification id 2 length 13 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "joe", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched joe at 74 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: EAP packet type notification id 2 length 13 rlm_eap: EAP Start not found rlm_eap: Configured EAP_TYPE is not supported rlm_eap: EAP Identity rlm_eap: Unsupported EAP_TYPE 1 modcall[authenticate]: module "eap" returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 8 to 172.16.30.165:1645 EAP-Message = 0x04020004 Message-Authenticator = 0x Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 8 with timestamp 40562aa3 Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] 417-895-5694
leap works, mschap does not
This message is for Alan DeKok. Thank you for responding to my email. I do not necessarily know how to implement mschap, it is actually (Secured password (EAP-MSCHAP v2) on the Orinoco gold card. The only thing I have set up in free radius that works is LEAP so far. Lets start from the beginning: I downloaded freeradius 0.9.3 and “unzipped” it. After installation, I went to /usr/local/etc/raddb/ and from there put in my changes in files to implement leap and mschap. In radiusd.conf I edited the default_eap_type to mschap (perhaps this does not matter now that it seems eap and chap are not the same after reading your email). In users I put in the user name and password. In clients, I entered the access point ip address and the key. This is all that I have done. If I set the default_eap_type in radiusd.conf to leap or md5, leap will work with a cisco client card. When trying to implement mschap, I am using an Orinoco gold card that offers to use peap then secured password (EAP-MSCHAP v2) within peap. This also appears to give me the opportunity to avoid using a certificate. The Orinoco gold card then offers me a logon using username and password and domain. I use the username and password only. This is when the radius server returns the message I will again send below. Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.16.30.165:1645, id=8, length=123 User-Name = "Joe" Framed-MTU = 1400 Called-Station-Id = "000d.bdda.b379" Calling-Station-Id = "0002.2d5e.d7a4" Message-Authenticator = 0x59f628e88f1fbb34059861e921e58a5d EAP-Message = 0x0202000d017363687565747a62 NAS-Port-Type = Virtual NAS-Port = 353 NAS-IP-Address = 172.16.30.165 NAS-Identifier = "ap" modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_eap: EAP packet type notification id 2 length 13 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "joe", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched joe at 74 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: EAP packet type notification id 2 length 13 rlm_eap: EAP Start not found rlm_eap: Configured EAP_TYPE is not supported rlm_eap: EAP Identity rlm_eap: Unsupported EAP_TYPE 1 modcall[authenticate]: module "eap" returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 8 to 172.16.30.165:1645 EAP-Message = 0x04020004 Message-Authenticator = 0x Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 8 with timestamp 40562aa3 Nothing to do. Sleeping until we see a request. Thanks, Brian
leap works, mschap does not
I am trying to set up my wireless network so people have to log on to use it. I am using an Orinoco gold card with peap using ms-chapv2 on windows xp. The wireless access point is a cisco aironet 1200, and I am using freeradius 0.9.3 on a redhat box. Below I show what the radius server gives me in response to trying to log in. If I use a cisco client wireless nic set to leap, and use leap or md5 as my default_eap_type on my radius server, everything works fine and the user is authenticated. Here is the message I get trying to implement mschap: Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.16.30.165:1645, id=8, length=123 User-Name = "Joe" Framed-MTU = 1400 Called-Station-Id = "000d.bdda.b379" Calling-Station-Id = "0002.2d5e.d7a4" Message-Authenticator = 0x59f628e88f1fbb34059861e921e58a5d EAP-Message = 0x0202000d017363687565747a62 NAS-Port-Type = Virtual NAS-Port = 353 NAS-IP-Address = 172.16.30.165 NAS-Identifier = "ap" modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_eap: EAP packet type notification id 2 length 13 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "joe", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched joe at 74 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: EAP packet type notification id 2 length 13 rlm_eap: EAP Start not found rlm_eap: Configured EAP_TYPE is not supported rlm_eap: EAP Identity rlm_eap: Unsupported EAP_TYPE 1 modcall[authenticate]: module "eap" returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 8 to 172.16.30.165:1645 EAP-Message = 0x04020004 Message-Authenticator = 0x Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 8 with timestamp 40562aa3 Nothing to do. Sleeping until we see a request. Any suggestions? Brian Schuetz 417-895-5694 [EMAIL PROTECTED]