EAP-PEAP - MSCHAPV2 option not working
Hi, I am trying to authenticate my xsupplicant with freeradius using PEAP option, but seems to fail with the below error message. Complete debug message is attached to the email. [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for peerless with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject I have tried following in my users file David User-Password=="freeradius" ---also David Auth-Type=Local, Password = "freeradius" Both does not seem to work. Please help me. Regards, Dev FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Feb 2 2010 at 16:20:53 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default main { allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { prefix = "/usr/local" localstatedir = "/usr/local/var" logdir = "/usr/local/var/log/radius" libdir = "/usr/local/lib"
Re: EAP-PEAP - MSCHAPV2 option not working
dev nath wrote: > I have tried following in my users file > > David User-Password=="freeradius" > > ---also > > David Auth-Type=Local, Password = "freeradius" > > Both does not seem to work. Please help me. Read the FAQ for how to set up a test user in the "users" file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-PEAP - MSCHAPV2 option not working
On Fri, Mar 26, 2010 at 1:50 AM, dev nath wrote: > Hi, > > I am trying to authenticate my xsupplicant with freeradius using PEAP option, > but seems to fail with the below error message. Complete debug message is > attached to the email. > I have tried following in my users file > > David User-Password=="freeradius" you left behind the third option, the only one working: David User-Password :="freeradius" On a side note, in freeradius 2.1.8 I'm having a *hard" time porting a perfectly working pre-2.x.x peap-mschapv2 server to the new freeradius concept. The tls negotiation works but when it comes to mschapv2: Failed to create a new socket for proxying requests. ERROR: Failed to create a new socket for proxying requests. ERROR: Failed inserting request into proxy hash. This server is working on the arbitrary ports 1818 and 1819 for authz + auth and acct. There is another server on the same machine working on the standard ports. What's the usual meaning of these messages? If I know where to look I might solve it without bothering anyone with the complete debug output. I already googled my way through the ML archives for there error messages, without much success. In pre-2.x.x versions of freeradius peap-mschapv2 is handled cleanly and linearly, is there really the need to proxy the inner mschapv2 auth? Am I doing something wrong? Most probably yes. Am I doing something silly? Most probably yes. bye inverse - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-PEAP - MSCHAPV2 option not working
Hi, > > David User-Password=="freeradius" > > you left behind the third option, the only one working: > David User-Password :="freeradius" no. the correct one is David Cleartext-Password := "freeradius" > In pre-2.x.x versions of freeradius peap-mschapv2 is handled cleanly > and linearly, is there really the need to proxy the inner mschapv2 > auth? only if you break or play with the config. you shouldnt need to proxy the inner-tunnel mschapv2 anywehere - the default server doesnt so you've edited the default config. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-PEAP - MSCHAPV2 option not working
On Fri, Mar 26, 2010 at 12:54 PM, Alan Buxey wrote: > only if you break or play with the config. you shouldnt need to proxy the > inner-tunnel mschapv2 anywehere - the default server doesnt so you've edited > the default config. Which is what I did. Thanks for pointing that out I'll begin again from an out of the box config - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html