Hi guys,
I'm with problems on my first radius authentication server for
wireless clients. I've made some progress, but now I'm with problems
that I don't know how to solve.
I want to use the NIS user database.
Freeradius version: 2.1.1, compiled from source on mandriva 2008.1
(yes, i don't like mandriva, but i have to use it)
With radtest, I already can authenticate with users located on
/etc/raddb/users/ , /etc/passwd and NIS' users:
Example:
[EMAIL PROTECTED]:~$ radtest leonardo lalala 172.16.0.2 0 xpto
Sending Access-Request of id 65 to 172.16.0.2 port 1812
User-Name = "leonardo"
User-Password = "radius1234"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=65, length=20
[EMAIL PROTECTED]:~$ radtest usuario1 lalala 172.16.0.2 0 xpto
Sending Access-Request of id 57 to 172.16.0.2 port 1812
User-Name = "usuario1"
User-Password = "senha1"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=57, length=20
[EMAIL PROTECTED]:~$ radtest localradius lalala 172.16.0.2 0 xpto
Sending Access-Request of id 135 to 172.16.0.2 port 1812
User-Name = "localradius"
User-Password = "radius1234"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=212, length=20
Until here, everything was ok, the problems begins when I try
authenticate through wireless access point:
The PEAP doesn't work. And by TTLS/MSCHAPv2 works, but only for users
located on the /etc/raddb/users file, and not for NIS' or passwd'
users.
Error that happens when a I try connect with TTLS/MSCHAPv2 and with
user not listed on the /etc/raddb/users file:
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for leonardo with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
I've uploaded the /etc/raddb/radiusd.conf,/ etc/raddb/eap.conf, module
/etc/raddb/modules/mschap and also a log from the radiusd -X with a
login try which generates the above error and the radiusd startup on
the server: http://ivete.fis.unb.br/fradius/
I've found on google a discussion, on this list
(http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg48660.html),
which a guy had the same error than me, but he was using the ldap
database as user's database. And I don't understood what procedures he
used to solve his problems.
Please, if somebody have some tip, tell me, I don't know what to do anymore :/
Sorry for the poor english.
Thanks in advance,
--
---------------------------
Leonardo Marques
---------------------------
Blog: BeNerd.analyx.org
Website: www.analyx.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
