Re: Windows XP PEAP and FreeRadius Authorization

2004-03-01 Thread Nedialko Dimitrov
Pavol,
Alan,

Regarding:

   I don't think there's much you can do on the server to fix a broken
 client.

I did some more debugging and found a problem:
There was no specific bind address for the radius server. The AP sent
the authentication request to IP1 and received the authentication reply from IP2,
and of course did not accept it.
I set the bind address in radiusd.conf and everything is running fine.
The built-in client in Windows XP is running fine.

Check this if you have more than one address on the server host.

Nedialko


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
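
The failure described in the message above (request sent to one server address, reply arriving from another) can be confirmed from a packet capture. The following is an added example, not part of the original post or of FreeRADIUS: the capture text, its tcpdump-style layout, the 192.0.2.x addresses and the function name are all constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed capture. The server host owns 192.0.2.10 and 192.0.2.11,
# the AP (NAS) is 192.0.2.50. The first exchange shows the bug: the AP
# never accepts the challenge and retransmits the same request.
CAPTURE = """\
12:00:01.100 IP 192.0.2.50.32768 > 192.0.2.10.1812: RADIUS, Access-Request (1), id: 0x07
12:00:01.104 IP 192.0.2.11.1812 > 192.0.2.50.32768: RADIUS, Access-Challenge (11), id: 0x07
12:00:04.100 IP 192.0.2.50.32768 > 192.0.2.10.1812: RADIUS, Access-Request (1), id: 0x07
12:00:09.200 IP 192.0.2.50.32769 > 192.0.2.10.1812: RADIUS, Access-Request (1), id: 0x08
12:00:09.203 IP 192.0.2.10.1812 > 192.0.2.50.32769: RADIUS, Access-Accept (2), id: 0x08
"""

LINE = re.compile(
    r"(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): RADIUS, (\S+) \(\d+\), id: (0x[0-9a-f]+)"
)
Finding = namedtuple("Finding", "time ident sent_to replied_from")


def find_source_mismatches(capture):
    """Return replies whose source differs from the address the request targeted."""
    pending = {}  # (client ip, client port, id) -> (server ip, server port) addressed
    findings = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, code, ident = m.groups()
        if code == "Access-Request":
            # Retransmissions simply overwrite the entry with the same target.
            pending[(src, sport, ident)] = (dst, dport)
            continue
        # Any other code is a reply: it must come from the address the client used.
        target = pending.get((dst, dport, ident))
        if target and target != (src, sport):
            findings.append(Finding(ts, ident, target[0], src))
    return findings


if __name__ == "__main__":
    for f in find_source_mismatches(CAPTURE):
        print(f"{f.time} id {f.ident}: sent to {f.sent_to}, reply from {f.replied_from}")
```

A finding here means the server is listening on a wildcard address on a multi-address host; setting bind_address in radiusd.conf to the address configured on the AP makes the reply source match.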


Windows XP PEAP and FreeRadius :rlm_eap_peap: Had sent TLV failure, rejecting

2004-02-27 Thread Nedialko Dimitrov
Hi,

I'm trying to run a WindowsXP client with PEAP - MSCHAP-V2 auth and the
authentication fails.

I got two possible points of error, but I cannot guess where my problem is:

(1)
rlm_eap_peap: Had sent TLV failure, rejecting
(2)
modcall[authenticate]: module eap returns reject for request 7
modcall: group authenticate returns reject for request 7
auth: Failed to validate the user.

What is TLV?
What is request 7 doing and why does it fail?

Any ideas?

Details below:

My WindowsXP client settings are :

Connection properties -
Authentication : Enable IEEE 802.1x ...
EAP type PEAP
Properties -
Select Auth. Method: EAP-MSCHAP-v2

The users file:

user3   User-Password == cisco

the radiusd.conf
peap {
   default_eap_type = mschapv2
}
mschapv2 {
}




The complete log:
# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: bind_address = 212.39.64.183 IP address [212.39.64.183]
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
eap: default_eap_type = tls
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = (null)
tls: pem_file_type = yes
tls: private_key_file = /root/CA/btc.pem
tls: certificate_file = /root/CA/btc.pem
tls: CA_file = /root/CA/root.pem
tls: private_key_password = whatever
tls: dh_file = /root/CA/DH
tls: random_file = /root/CA/random
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = mschapv2
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = yes
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /usr/local/etc/raddb/users
files: acctusersfile = /usr/local/etc/raddb/acct_users
files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: