Re: issues with peap + tlv part 1
On 7/27/06, Damon McDougald [EMAIL PROTECTED] wrote:
> I have gotten this to work with ntradping and radtest...just not windows ce client. It is an issue with mschapv2 and ntlmv2.

As radtest doesn't know anything about peap (and a quick glance at Novell's left me with the impression that ntradping doesn't either) you checked for something different, when that worked.

If you wish to enable EAP/PEAP you should follow the advice Alan gave you (and as is documented). Otherwise try duplicating the setup for your tests to your environment (_not_ using EAP/PEAP) for whatever purpose that fits.

But please stop throwing allegations about issues with mschapv2 and ntlmv2 (whatever that might be, at least it's not part of freeradius).

regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: issues with peap + tlv part 1
Damon McDougald [EMAIL PROTECTED] wrote:
> Here is my dilemma:
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Decoding tunneled attributes.
> rlm_eap_peap: Received EAP-TLV response.
> rlm_eap_peap: Tunneled data is valid.
> rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.

I suggest reading the *earlier* messages in the debug log. They tell you when the user was rejected, and why.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: issues with peap + tlv part 1
Yes, I have read the earlier debug message stating failure in mschapv2. I have tried not using mschapv2 and various other configs, but with no luck. I see this is a common issue that many people have encountered but with vague answers and references. Has anyone put together an faq that is more descriptive or does anyone have a more descriptive answer beside look in the debug trace?

--- Alan DeKok [EMAIL PROTECTED] wrote:
> Damon McDougald [EMAIL PROTECTED] wrote:
> > Here is my dilemma:
> > rlm_eap_peap: EAPTLS_OK
> > rlm_eap_peap: Session established. Decoding tunneled attributes.
> > rlm_eap_peap: Received EAP-TLV response.
> > rlm_eap_peap: Tunneled data is valid.
> > rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
>
> I suggest reading the *earlier* messages in the debug log. They tell you when the user was rejected, and why.
>
> Alan DeKok.
Re: issues with peap + tlv part 1
Damon McDougald [EMAIL PROTECTED] wrote:
> Yes, I have read the earlier debug message stating failure in mschapv2.

That is the problem, not the message saying the authentication was rejected earlier in the session.

> I have tried not using mschapv2 and various other configs, but with no luck. I see this is a common issue that many people have encountered but with vague answers and references.

Nonsense. The answers are consistent and clear: follow the documentation and it will work.

In your case, you didn't tell the server what the *correct* password was for the user. So it's impossible to authenticate the user, because the server has no idea if the password they entered matches the correct one.

> Has anyone put together an faq that is more descriptive or does anyone have a more descriptive answer beside look in the debug trace?

Configure a password for the user, and it WILL work.

In your case, it matches a DEFAULT entry in the users file, which doesn't have the user's password. And you haven't configured the server to get the password from a database, either.

Alan DeKok.
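
The advice in the reply above (the cause is in the earlier debug lines, not in the final TLV failure message), as an added example that is not part of the original thread or of FreeRADIUS: a small Python triage script that walks back from the PEAP symptom line to the lines that explain it. The sample log is constructed; only its rlm_eap_peap lines come from the thread, and the earlier lines, the marker patterns and the function names are assumptions.

```python
import re

# Constructed sample, not a real trace. The five rlm_eap_peap lines are the
# ones quoted in the thread; the four lines before them are assumed wording.
SAMPLE_DEBUG = """\
users: Matched entry DEFAULT at line 152
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_eap: Freeing handler
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
"""

SYMPTOM = "Had sent TLV failure"  # late PEAP message: reports the reject, not its reason
NO_PASSWORD = re.compile(r"\bNo\b.*\bconfigured\b")  # assumed wording
# Assumed cause markers; adjust to the wording your server version prints.
CAUSE = re.compile(r"FAILED|incorrect|Matched entry DEFAULT|" + NO_PASSWORD.pattern)

def module_of(line):
    """Module prefix of a debug line, e.g. 'rlm_mschap' or 'users'."""
    head, sep, _ = line.partition(":")
    return head.strip() if sep else ""

def find_root_causes(debug_text):
    """For each TLV-failure symptom, collect the earlier non-PEAP cause lines."""
    lines = [l.rstrip() for l in debug_text.splitlines()]
    reports, start = [], 0
    for i, line in enumerate(lines):
        if SYMPTOM not in line:
            continue
        causes = [(n + 1, lines[n]) for n in range(start, i)
                  if module_of(lines[n]) != "rlm_eap_peap" and CAUSE.search(lines[n])]
        reports.append({"symptom_line": i + 1, "causes": causes})
        start = i + 1
    return reports

def hint(report):
    """Hypothetical one-line summary of a report (wording is this example's)."""
    if any(NO_PASSWORD.search(text) for _, text in report["causes"]):
        return "server has no known-good password for this user"
    return "read the listed cause lines" if report["causes"] else "no cause found"

if __name__ == "__main__":
    for rep in find_root_causes(SAMPLE_DEBUG):
        print(f"line {rep['symptom_line']}: {hint(rep)}")
        for num, text in rep["causes"]:
            print(f"  {num}: {text}")
```

Feed it the full output of a debug run; each report lists the line numbers to read before looking at anything the PEAP module printed.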
Re: issues with peap + tlv part 1
I have gotten this to work with ntradping and radtest...just not windows ce client. It is an issue with mschapv2 and ntlmv2.

--- Alan DeKok [EMAIL PROTECTED] wrote:
> Damon McDougald [EMAIL PROTECTED] wrote:
> > Yes, I have read the earlier debug message stating failure in mschapv2.
>
> That is the problem, not the message saying the authentication was rejected earlier in the session.
>
> > I have tried not using mschapv2 and various other configs, but with no luck. I see this is a common issue that many people have encountered but with vague answers and references.
>
> Nonsense. The answers are consistent and clear: follow the documentation and it will work.
>
> In your case, you didn't tell the server what the *correct* password was for the user. So it's impossible to authenticate the user, because the server has no idea if the password they entered matches the correct one.
>
> > Has anyone put together an faq that is more descriptive or does anyone have a more descriptive answer beside look in the debug trace?
>
> Configure a password for the user, and it WILL work.
>
> In your case, it matches a DEFAULT entry in the users file, which doesn't have the user's password. And you haven't configured the server to get the password from a database, either.
>
> Alan DeKok.