Re: peap/eap/mschapv2 + MySQL
Hi, > Alan: I believe I posted the errors I have been getting. I have posted no. ou just posted the debug output when a packet was received...not the full debug output from server startup. big difference alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
Matt Madrid wrote:
> Alan: I believe I posted the errors I have been getting. I have posted
> the debug output in previous posts in this thread. If there is more
> information that you think I should be giving pleas le me know.
You were told what the problem is:
...
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 145 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
...
There is *no* reference to the "sql" module in the "inner-tunnel"
section. Go fix that.
If you believe that it *is* listed, then see recent messages on this list:
a) the server is reading a different file than you are editing
b) you have *two* versions of "inner-tunnel"
the server is using (1), and you are editing (2)
The debug output is *definitive*. The server is not using "sql"
because it is not being told to use SQL.
So... go fix the problem. It is *impossible* for us to give you any
other advice, because the information *you* give us is pretty clear on
what the problem is.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
> >> I'd love to use inner-tunnel if I could get it to work. > > so..whats the error then - radiusd -X - it should be quite obvious > Alan: I believe I posted the errors I have been getting. I have posted the debug output in previous posts in this thread. If there is more information that you think I should be giving pleas le me know. -- mattsig - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
Hi, > I'd love to use inner-tunnel if I could get it to work. so..whats the error then - radiusd -X - it should be quite obvious alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
>> Ok, well like I said, mysql wasn't being queried by the inner-tunnel >> server. Still not clear on why that was happening, but I worked around >> it by commenting out inner-tunnel as the virtual server to use for >> peap. So the default server is being used and working. > > er, it wasnt working when you proxy to inner-tunnel > because SQL *WASNT* configured in your inner-tunnel section... > > go have a look at your inner-tunnel config again and tell me where > 'sql' appears in your authenticate section? > > now see how you have it configured in your 'default' hmm.. well as far as I can tell, 'sql' isn't supposed to be in the authenticate section. In my default config it is in the authorize section just as it is in inner-tunnel. When I did try to add it to authenticate, I get an error on startup: inner-tunnel[223]: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method. inner-tunnel[223]: Failed to parse "sql" entry. > > if you use inner-tunnel then you have far more efficient > config and server CPU usage etc. > I'd love to use inner-tunnel if I could get it to work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
Hi, > > Now I've read a million posts on the web, including this list where > > people have reported the same problem. In most cases the problem was > > that the inner-tunnel server wasn't configured for sql. I definitely > > have sql on in the inner-tunnel file (which I will post in a sec). The > > mysql server IS being queried on the initial request, but not in > > inner-tunnel. Can someone please shed some light on this for me > > please. > > Ok, well like I said, mysql wasn't being queried by the inner-tunnel > server. Still not clear on why that was happening, but I worked around > it by commenting out inner-tunnel as the virtual server to use for > peap. So the default server is being used and working. er, it wasnt working when you proxy to inner-tunnel because SQL *WASNT* configured in your inner-tunnel section... go have a look at your inner-tunnel config again and tell me where 'sql' appears in your authenticate section? now see how you have it configured in your 'default' if you use inner-tunnel then you have far more efficient config and server CPU usage etc. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
> Now I've read a million posts on the web, including this list where > people have reported the same problem. In most cases the problem was > that the inner-tunnel server wasn't configured for sql. I definitely > have sql on in the inner-tunnel file (which I will post in a sec). The > mysql server IS being queried on the initial request, but not in > inner-tunnel. Can someone please shed some light on this for me > please. Ok, well like I said, mysql wasn't being queried by the inner-tunnel server. Still not clear on why that was happening, but I worked around it by commenting out inner-tunnel as the virtual server to use for peap. So the default server is being used and working. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP-EAP-MSCHAPv2
"Bilal Shahid" <[EMAIL PROTECTED]> wrote: > 1- I keep getting the following error > > rlm_eap_mschapv2: Response contains contradictory length 0 54 > > while using PEAP-EAP-MSCHAPv2 to authenticate the XSupplicant with > FreeRADIUS. Following is the partial lof from FreeRADIUS run in debug mode: You need to post the log of the packet which rlm_eap_mschapv2 is processing. The short answer is that the supplicant is not following the EAP-MSCHAP-V2 spec. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
