Re: peap/eap/mschapv2 + MySQL
Hi, > Alan: I believe I posted the errors I have been getting. I have posted no. ou just posted the debug output when a packet was received...not the full debug output from server startup. big difference alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
Matt Madrid wrote: > Alan: I believe I posted the errors I have been getting. I have posted > the debug output in previous posts in this thread. If there is more > information that you think I should be giving pleas le me know. You were told what the problem is: ... server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 145 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ... There is *no* reference to the "sql" module in the "inner-tunnel" section. Go fix that. If you believe that it *is* listed, then see recent messages on this list: a) the server is reading a different file than you are editing b) you have *two* versions of "inner-tunnel" the server is using (1), and you are editing (2) The debug output is *definitive*. The server is not using "sql" because it is not being told to use SQL. So... go fix the problem. It is *impossible* for us to give you any other advice, because the information *you* give us is pretty clear on what the problem is. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
> >> I'd love to use inner-tunnel if I could get it to work. > > so..whats the error then - radiusd -X - it should be quite obvious > Alan: I believe I posted the errors I have been getting. I have posted the debug output in previous posts in this thread. If there is more information that you think I should be giving pleas le me know. -- mattsig - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
Hi, > I'd love to use inner-tunnel if I could get it to work. so..whats the error then - radiusd -X - it should be quite obvious alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
>> Ok, well like I said, mysql wasn't being queried by the inner-tunnel >> server. Still not clear on why that was happening, but I worked around >> it by commenting out inner-tunnel as the virtual server to use for >> peap. So the default server is being used and working. > > er, it wasnt working when you proxy to inner-tunnel > because SQL *WASNT* configured in your inner-tunnel section... > > go have a look at your inner-tunnel config again and tell me where > 'sql' appears in your authenticate section? > > now see how you have it configured in your 'default' hmm.. well as far as I can tell, 'sql' isn't supposed to be in the authenticate section. In my default config it is in the authorize section just as it is in inner-tunnel. When I did try to add it to authenticate, I get an error on startup: inner-tunnel[223]: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method. inner-tunnel[223]: Failed to parse "sql" entry. > > if you use inner-tunnel then you have far more efficient > config and server CPU usage etc. > I'd love to use inner-tunnel if I could get it to work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
Hi, > > Now I've read a million posts on the web, including this list where > > people have reported the same problem. In most cases the problem was > > that the inner-tunnel server wasn't configured for sql. I definitely > > have sql on in the inner-tunnel file (which I will post in a sec). The > > mysql server IS being queried on the initial request, but not in > > inner-tunnel. Can someone please shed some light on this for me > > please. > > Ok, well like I said, mysql wasn't being queried by the inner-tunnel > server. Still not clear on why that was happening, but I worked around > it by commenting out inner-tunnel as the virtual server to use for > peap. So the default server is being used and working. er, it wasnt working when you proxy to inner-tunnel because SQL *WASNT* configured in your inner-tunnel section... go have a look at your inner-tunnel config again and tell me where 'sql' appears in your authenticate section? now see how you have it configured in your 'default' if you use inner-tunnel then you have far more efficient config and server CPU usage etc. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap/eap/mschapv2 + MySQL
> Now I've read a million posts on the web, including this list where > people have reported the same problem. In most cases the problem was > that the inner-tunnel server wasn't configured for sql. I definitely > have sql on in the inner-tunnel file (which I will post in a sec). The > mysql server IS being queried on the initial request, but not in > inner-tunnel. Can someone please shed some light on this for me > please. Ok, well like I said, mysql wasn't being queried by the inner-tunnel server. Still not clear on why that was happening, but I worked around it by commenting out inner-tunnel as the virtual server to use for peap. So the default server is being used and working. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP-EAP-MSCHAPv2
"Bilal Shahid" <[EMAIL PROTECTED]> wrote: > 1- I keep getting the following error > > rlm_eap_mschapv2: Response contains contradictory length 0 54 > > while using PEAP-EAP-MSCHAPv2 to authenticate the XSupplicant with > FreeRADIUS. Following is the partial lof from FreeRADIUS run in debug mode: You need to post the log of the packet which rlm_eap_mschapv2 is processing. The short answer is that the supplicant is not following the EAP-MSCHAP-V2 spec. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html