I have this environment: WinXP PEAP wireless client + linksys AP + freeradius 1.0.5 + openldap (with kerberos password) and I would like to setup the 802.1x peap authentication. Everything works well if I use users file for authenticating wireless client, but if I use ldap users, clients are not authenticated. My password attribute is UserPassword
The error is (I suppose) here:
--------------
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Told to do MS-CHAPv2 for yuri with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
--------------
Does anyone has a working configuration that looks like (more or less) mine?
--- radiusd.conf ------ > mschap section
mschap {
authtype = MS-CHAP
use_mppe = no
# require_encryption = yes
# require_strong = yes
with_ntdomain_hack = no
}
Thanks, Yuri
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
