Re: Getting PEAP/MSChap-v2 working with Cisco AP1231G Access points.

2007-09-14 Thread A . L . M . Buxey
Hi,

> I have been using FreeRADIUS for some time now to do simple MAC
> authentication for the original implementation of our wireless network. 
> This of course was a temporary solution and I am trying to move all of the
> users over to PEAP Authentication.

okay. you'd be much better off with a recent version of the server/daemon... but
still.

by the looks of it, almost everything is fine - barring the final check
of the user - HOW are you attempting to authorise the users?  I ask because
the main issue i see from debug is

>   rlm_eap: EAP/mschapv2
>   rlm_eap: processing type mschapv2
>   Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 8
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for C12660 with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>   modcall[authenticate]: module "mschap" returns reject for request 8
> modcall: leaving group MS-CHAP (returns reject) for request 8
>   rlm_eap: Freeing handler

this means the inner tunnel part of the PEAP (MSCHAPv2) is failing because
it knows not the way of dealing with the password supplied (if any!)
so, you can either put a password into a DB or plain file (users) or
you can use eg ntlm_auth to do a challenge response check

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
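
The failure in the debug output quoted above, turned into a check (an added example, not part of the original thread): it reads the rlm_mschap lines and separates "the server has no known-good password for this user" from a plain wrong password. The function name and cause labels are assumptions; the sample lines are the ones quoted in the message.

```python
import re

# Debug lines as quoted in the message above (FreeRADIUS 1.1.x debug output).
SAMPLE = """\
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 8
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for C12660 with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 8
modcall: leaving group MS-CHAP (returns reject) for request 8
"""

ENTER = re.compile(r"modcall: entering group MS-CHAP for request (\d+)")
LEAVE = re.compile(r"modcall: leaving group MS-CHAP \(returns (\w+)\) for request (\d+)")
USER = re.compile(r"rlm_mschap: Told to do MS-CHAPv2 for (\S+) with")
NO_PW = "rlm_mschap: FAILED: No NT/LM-Password."
BAD_RESP = "rlm_mschap: FAILED: MS-CHAP2-Response is incorrect"

def triage(text):
    """Return one finding per rejected MS-CHAP group: request, user, cause."""
    findings, cur = [], None
    for line in text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted log lines
        if m := ENTER.search(line):
            cur = {"request": int(m.group(1)), "user": None, "no_pw": False, "bad": False}
        elif cur is None:
            continue
        elif m := USER.search(line):
            cur["user"] = m.group(1)
        elif NO_PW in line:
            cur["no_pw"] = True
        elif BAD_RESP in line:
            cur["bad"] = True
        elif m := LEAVE.search(line):
            if m.group(1) == "reject":
                # A missing password outranks "response is incorrect":
                # the second message is only a consequence of the first.
                cause = ("no-known-good-password" if cur["no_pw"]
                         else "wrong-password" if cur["bad"] else "other")
                findings.append({"request": cur["request"], "user": cur["user"], "cause": cause})
            cur = None
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "no-known-good-password" finding points at server configuration (a password in the users file or a DB, or ntlm_auth, as the reply says), not at the client.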


Re: Getting PEAP/MSChap-v2 working with Cisco AP1231G Access points.

2007-09-14 Thread Alan DeKok
Terry Pelley wrote:
> FreeRADIUS Version 1.1.3-r0.1.2

  Hmm... it would be best to upgrade to 1.1.7, but that's a separate issue.

> I am fairly new to FreeRADIUS, so I expect what I am doing wrong is
> going to be obvious to most but any advice would be welcomed. From what
> I can see it appears that the User-Password attribute may not be getting
> processed correctly as indicated by the following lines.

  In 1.1.3, put the following at the TOP of the "users" file:

bob User-Password := "bob"

  And then login via PEAP as that user.  It should work.

  The problem is that the server hasn't been told a "known good"
password for the user, so it can't authenticate them.

> Ottawa-Carleton District School Board

  Hmm... lived in that area for 30 years.  Cold.

  Alan DeKok.