EAP-PEAP - MSCHAPV2 option not working

2010-03-25 Thread dev nath
Hi, 

I am trying to authenticate my xsupplicant with freeradius using the PEAP option, 
but it seems to fail with the below error message. The complete debug message is 
attached to the email.

[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for peerless with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject


I have tried the following in my users file

David User-Password=="freeradius"

---also

David Auth-Type=Local, Password = "freeradius"

Both do not seem to work. Please help me.

Regards,
Dev





FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Feb  2 2010 at 16:20:53
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
main {
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
   

Re: EAP-PEAP - MSCHAPV2 option not working

2010-03-25 Thread Alan DeKok
dev nath wrote:
> I have tried the following in my users file
> 
> David User-Password=="freeradius"
> 
> ---also
> 
> David Auth-Type=Local, Password = "freeradius"
> 
> Both do not seem to work. Please help me.

  Read the FAQ for how to set up a test user in the "users" file.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: EAP-PEAP - MSCHAPV2 option not working

2010-03-26 Thread inverse
On Fri, Mar 26, 2010 at 1:50 AM, dev nath wrote:
> Hi,
>
> I am trying to authenticate my xsupplicant with freeradius using the PEAP option, 
> but it seems to fail with the below error message. The complete debug message is 
> attached to the email.

> I have tried the following in my users file
>
> David User-Password=="freeradius"

you left behind the third option, the only one working:
David User-Password :="freeradius"


On a side note, in freeradius 2.1.8 I'm having a *hard* time porting a
perfectly working pre-2.x.x peap-mschapv2 server to the new freeradius
concept.

The tls negotiation works but when it comes to mschapv2:
Failed to create a new socket for proxying requests.
ERROR: Failed to create a new socket for proxying requests.
ERROR: Failed inserting request into proxy hash.

This server is working on the arbitrary ports 1818 and 1819 for authz
+ auth and acct.
There is another server on the same machine working on the standard ports.

What's the usual meaning of these messages?
If I know where to look I might solve it without bothering anyone with
the complete debug output.
I already googled my way through the ML archives for these error
messages, without much success.

In pre-2.x.x versions of freeradius peap-mschapv2 is handled cleanly
and linearly, is there really the need to proxy the inner mschapv2
auth?
Am I doing something wrong? Most probably yes. Am I doing something
silly? Most probably yes.


bye
inverse


Re: EAP-PEAP - MSCHAPV2 option not working

2010-03-26 Thread Alan Buxey
Hi,

> > David User-Password=="freeradius"
> 
> you left behind the third option, the only one working:
> David User-Password :="freeradius"

no. the correct one is

David Cleartext-Password := "freeradius"


> In pre-2.x.x versions of freeradius peap-mschapv2 is handled cleanly
> and linearly, is there really the need to proxy the inner mschapv2
> auth?

only if you break or play with the config. you shouldn't need to proxy the
inner-tunnel mschapv2 anywhere - the default server doesn't so you've edited
the default config.

alan

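A small linter for the point made in the reply above, as an added example that is not part of the original thread or of FreeRADIUS: it reads a `users` file and flags password check items that are not the `Cleartext-Password`/`NT-Password` attributes the mschap debug log asks for, or that use a comparison operator instead of `:=`. The function name, verdict strings and sample file are constructed for illustration; treating plain `=` as a setting operator is an assumption.

```python
import re

# Attributes the mschap debug log in this thread asks for.
MSCHAP_ATTRS = {"Cleartext-Password", "NT-Password"}
# Password-looking check items tried in the thread that are not those.
OTHER_PW_ATTRS = {"User-Password", "Password"}
# One check item: attribute, operator, quoted or bare value.
ITEM = re.compile(r'([A-Za-z][\w-]*)\s*(:=|==|\+=|!=|=)\s*("[^"]*"|[^,\s]+)')

def lint_users(text):
    """Return (line_no, user, verdict) for each entry with a password check item."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and indented reply-item lines.
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        parts = line.split(None, 1)
        user, rest = parts[0], parts[1] if len(parts) > 1 else ""
        for attr, op, _value in ITEM.findall(rest):
            if attr in OTHER_PW_ATTRS:
                findings.append((n, user, f"{attr}: use Cleartext-Password instead"))
                break
            if attr in MSCHAP_ATTRS:
                # '==' compares with the request; ':=' sets the control item
                # (accepting plain '=' as a setter is an assumption).
                ok = op in (":=", "=")
                verdict = "ok" if ok else f"{attr} {op}: use ':=' to set it"
                findings.append((n, user, verdict))
                break
    return findings

# Constructed sample built from the entries quoted in this thread.
SAMPLE = '''\
# test user, four variants
David User-Password=="freeradius"
David Auth-Type=Local, Password = "freeradius"
David User-Password :="freeradius"
David Cleartext-Password := "freeradius"
\tReply-Message = "hello"
'''

if __name__ == "__main__":
    for line_no, user, verdict in lint_users(SAMPLE):
        print(f"line {line_no}: {user}: {verdict}")
```

An MS-CHAPv2 request carries a challenge and response rather than a `User-Password` attribute, so a `==` check item on a password has nothing to compare against and the entry does not match.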

Re: EAP-PEAP - MSCHAPV2 option not working

2010-03-26 Thread inverse
On Fri, Mar 26, 2010 at 12:54 PM, Alan Buxey wrote:


> only if you break or play with the config. you shouldn't need to proxy the
> inner-tunnel mschapv2 anywhere - the default server doesn't so you've edited
> the default config.

Which is what I did. Thanks for pointing that out

I'll begin again from an out of the box config