Re: windows client authentication error

[shirkavand]

Hi there,

Thank you very much. It worked like a charm.

Cheers,

Shirkavand
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: windows client authentication error

[Alan Buxey]

Hi,

> 5- Then uncommented the "sql" line for the following sections in the 
> /etc/freeradius/sites/enabled/default file:
> a) authorize
> b) accounting
> c) session
> d) post-auth
> 6- Ran a radtest, and everyhtin worked fine

ouch. so close!

when you are doing EAP from windows, the server will jump from the default
virtual-server into the inner-tunnel virtual server. you will need to enable
sql in the inner-tunnel VS too.

a read of the full radiusd -X would have shown this happening.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: windows client authentication error

[shirkavand]

Hi there,

Thanks for your help.

>Does PAP work?

OK as i understand (correct me if i am wrong) no matter if I use MySql or
users.cof file for validating the users, if i execute:

*$radtest sqltest testpwd localhost 1812 testing123*

and the message i get is ( from both, the server terminal window, and the
radtest terminal window):

*Access-Accept*

Means that PAP worked fine. If this is right, then i must say: yes PAP
works.

>Did you configure the "sql" module?

i am not sure what you exactly mean with "sql module", but I can tell what i
did configure for sql+freradius:

1- In /etc/freeradius/radiusd.conf i uncommented the line "$INCLUDE
sql.conf"
2- Create a DB called "radius" and create a user called "radius" with full
access to the just created DB
3- Load mysql schema and insert into radcheck table a user(the schema i used
was /etc/freeradius/sql/mysql/schema.sql)
*NOTE: i just insert a user into radcheck table, i did not populate any
other table
4- Configure /etc/freeradius/sql.conf with my just created DB
parameters(server, login, password) and uncommented the line "readclients =
yes"
5- Then uncommented the "sql" line for the following sections in the
/etc/freeradius/sites/enabled/default file:
a) authorize
b) accounting
c) session
d) post-auth
6- Ran a radtest, and everyhtin worked fine

Did i aswered your question?

>Is the PEAP request for user "sqltest"?

Yes, on the windows supplicant machine, i gave my credentials as follows:

Login: sqltest
password: testpwd
domain:

I leaved domain always blank because i have not configurated any domain yet.

> If you take a step by step approach, it should be trivial to configure.

Well, i did not test the server with users.conf file. Once freeradius was
installed and working, i just jump to install and configure mysql and make
the first radtest using both. The radtest worked just fine.

If you think that using the users.conf first could give me any clue about
the erros i am having, i will not hesisate to test it.

Any idea?

Cheers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: windows client authentication error

[Alan DeKok]

shirkavand wrote:
> I have into radcheck table the next user created:
> 
> 1 | sqltest  | Cleartext-Password | := | testpwd
> 
> Dont know what i get the "No Cleartext-Password configured" error too.

  Does PAP work?

  Did you configure the "sql" module?

  Is the PEAP request for user "sqltest"?

  If you take a step by step approach, it should be trivial to configure.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: windows client authentication error

[shirkavand]

I have into radcheck table the next user created:

1 | sqltest  | Cleartext-Password | := | testpwd

Dont know what i get the "No Cleartext-Password configured" error too.

Cheers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html