[RADIATOR] PEAP Unknown Problem

Raúl Tejeda Calero raul.tejeda at satec.es
Wed Feb 16 11:58:52 CST 2011


Thanks Christian!!

It looks better, but it doesn't work. Now the challenge passes through to the MSCHAP-V2 Handler, but it shows the same error message:

++++++++++++
Handling request with Handler 'NAS-IP-Address="<WLC-IP>",TunnelledByPEAP=1', Identifier 'EAP-MSCHAP-V2'
Deleting session for anonymous, <WLC-IP>, 13
Handling with Radius::AuthFILE:
Handling with EAP: code 2, 12, 60, 26
Response type 26
Rewrote identity to mikem
Reading users file /etc/radiator/users
Radius::AuthFILE looks for match with mikem [anonymous]
Radius::AuthFILE ACCEPT: : mikem [anonymous]
EAP result: 1, EAP MSCHAP-V2 Authentication failure
AuthBy FILE result: REJECT, EAP MSCHAP-V2 Authentication failure
Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
+++++++++++++

Regards,
Raúl Tejeda

 Radius.cfg:
 ######################################################################################################
 ######################################################################################################

#basic configuration
# inner auth with MS-CHAP-V2
<Handler NAS-IP-Address="<IP-WLC>",TunnelledByPEAP=1>
        Identifier EAP-MSCHAP-V2
         <AuthBy FILE>
                 RewriteUsername s/(.*)\\(.*)/$2/
                 EAPType MSCHAP-V2
                 Filename %D/users
#               EAPTLS_CAFile %D/certificados/CA.pem
#               EAPTLS_CertificateFile %D/certificados/serv.pem
#               EAPTLS_CertificateType PEM
#               EAPTLS_PrivateKeyFile %D/certificados/serv.key
#               EAPTLS_MaxFragmentSize 500
         </AuthBy>
</Handler>

# outer auth with just PEAP
<Handler NAS-IP-Address="<IP-WLC>">
        Identifier EAP-PEAP
         <AuthBy FILE>
                 EAPType PEAP
                 Filename %D/users-eap
                EAPTLS_CAFile %D/certificados/CA.pem
                EAPTLS_CAPath %D/certificados
                EAPTLS_CertificateFile %D/certificados/Serv.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificados/Serv.key
                EAPTLS_MaxFragmentSize 500
         </AuthBy>
</Handler>


Log Detail:

 ######################################################################################################
 ######################################################################################################

Wed Feb 16 18:19:58 2011: NOTICE: SIGTERM received: stopping
Wed Feb 16 18:19:58 2011: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Wed Feb 16 18:19:58 2011: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Wed Feb 16 18:19:58 2011: DEBUG: Creating authentication port <RAD-IP>:1812
Wed Feb 16 18:19:58 2011: DEBUG: Creating accounting port <RAD-IP>:1813
Wed Feb 16 18:19:58 2011: NOTICE: Server started: Radiator 4.7 on <RAD-SERV>
Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Received from <WLC-IP> port 32768 ....
Code:       Access-Request
Identifier: 122
Authentic:  <231>\*<142>f<141>O<224><176><206>k<183>{<212>K<27>
Attributes:
        User-Name = "mikem"
        Calling-Station-Id = "<PC-MAC>"
        Called-Station-Id = "<WLC-MAC>:Prueba"
        NAS-Port = 13
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        Airespace-WLAN-Id = 4
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-IEEE-802-11
        Tunnel-Type = 0:VLAN
        Tunnel-Medium-Type = 0:802
        Tunnel-Private-Group-ID = 509
        EAP-Message = <2><2><0><10><1>mikem
        Message-Authenticator = <187><240><2><212><255><230><223><191><202><178>t<19>PA;<0>

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>"', Identifier 'EAP-PEAP'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for mikem, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 2, 10, 1
Wed Feb 16 18:20:17 2011: DEBUG: Response type 1
Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Access challenged for mikem: EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Sending to <WLC-IP> port 32768 ....
Code:       Access-Challenge
Identifier: 122
Authentic:  <2>j<251>)<2>J<207>MD<183><139>^4<138>K-
Attributes:
        EAP-Message = <1><3><0><6><25>!
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Received from <WLC-IP> port 32768 ....
Code:       Access-Request
Identifier: 123
Authentic:  <6><184><200><17>g<18>a<231>X<203><239><161><138><174>"<159>
Attributes:
        User-Name = "mikem"
        Calling-Station-Id = "<PC-MAC>"
        Called-Station-Id = "<WLC-MAC>:Prueba"
        NAS-Port = 13
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        Airespace-WLAN-Id = 4
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-IEEE-802-11
        Tunnel-Type = 0:VLAN
        Tunnel-Medium-Type = 0:802
        Tunnel-Private-Group-ID = 509
        Message-Authenticator = <149>y<167><16><170>S6<252><134><223><140><178><246><228><205><143>

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>"', Identifier 'EAP-PEAP'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for mikem, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 3, 87, 25
Wed Feb 16 18:20:17 2011: DEBUG: Response type 25
Wed Feb 16 18:20:17 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Access challenged for mikem: EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Sending to <WLC-IP> port 32768 ....
Code:       Access-Challenge
Identifier: 123
Authentic:  <27><147><240>De<225>Db<156><207>><24>;<191><141><132>
Attributes:
        EAP-Message = <211><157><150><226>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>



Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Received from <WLC-IP> port 32768 ....
Code:       Access-Request
Identifier: 129
Authentic:  [<144>6<185> y<21><7><140><<217><155>@<128><13><213>
Attributes:
        User-Name = "mikem"
        Calling-Station-Id = "<PC-MAC>"
        Called-Station-Id = "<WLC-MAC>:Prueba"
        NAS-Port = 13
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        Airespace-WLAN-Id = 4
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-IEEE-802-11
        Tunnel-Type = 0:VLAN
        Tunnel-Medium-Type = 0:802
        Tunnel-Private-Group-ID = 509
        Message-Authenticator = <240><196><24><154>[<132><229><30><7><197><144><212><7>4<131>/

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>"', Identifier 'EAP-PEAP'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for mikem, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 9, 192, 25
Wed Feb 16 18:20:17 2011: DEBUG: Response type 25
Wed Feb 16 18:20:17 2011: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Access challenged for mikem: EAP PEAP Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Sending to <WLC-IP> port 32768 ....
Code:       Access-Challenge
Identifier: 129
Authentic:  <149><227><231>?<192>9d<23>4<139>[B&<133>-<194>
Attributes:
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>



Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Received from <WLC-IP> port 32768 ....
Code:       Access-Request
Identifier: 131
Authentic:  <150>6<187>S<140><0>r<187><233><174><230><241><242>?<24>0
Attributes:
        User-Name = "mikem"
        Calling-Station-Id = "<PC-MAC>"
        Called-Station-Id = "<WLC-MAC>:Prueba"
        NAS-Port = 13
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        Airespace-WLAN-Id = 4
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-IEEE-802-11
        Tunnel-Type = 0:VLAN
        Tunnel-Medium-Type = 0:802
        Tunnel-Private-Group-ID = 509
        EAP-Message = <2><11><0>!<25><0><23><3><1><0><22><160><216><196><168><187>.<205><227>o8<4><214>i<234><198>yw<143><194><136>]j
        Message-Authenticator = <183>[qp<3>J[<218>re<7>&<143><171><209><146>

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>"', Identifier 'EAP-PEAP'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for mikem, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 11, 33, 25
Wed Feb 16 18:20:17 2011: DEBUG: Response type 25
Wed Feb 16 18:20:17 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Wed Feb 16 18:20:17 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  @<137><147>9<1><242><234>@<9>k<215>a<242><133><6>R
Attributes:
        EAP-Message = <2><11><0><6><1>mikem
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        NAS-Port = 13
        Calling-Station-Id = "<PC-MAC>"
        User-Name = "anonymous"

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>",TunnelledByPEAP=1', Identifier 'EAP-MSCHAP-V2'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for anonymous, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 11, 6, 1
Wed Feb 16 18:20:17 2011: DEBUG: Response type 1
Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP MSCHAP-V2 Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2 Challenge
Wed Feb 16 18:20:17 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Challenge
Identifier: UNDEF
Authentic:  @<137><147>9<1><242><234>@<9>k<215>a<242><133><6>R
Attributes:
        EAP-Message = <1><12><0>'<26><1><12><0>"<16>@<18>N<3><11>;<247><26><162>w0<3><167>3<223><203><RAD-SERV>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed Feb 16 18:20:17 2011: DEBUG: Access challenged for mikem: EAP PEAP inner authentication redispatched to a Handler
Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Sending to <WLC-IP> port 32768 ....
Code:       Access-Challenge
Identifier: 131
Authentic:  <230>9<243><16>0k<227>F<166><249><241><221><9><204><168>6
Attributes:
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Received from <WLC-IP> port 32768 ....
Code:       Access-Request
Identifier: 132
Authentic:  <6><3><184>0E<218><249>^/1<191>u<214><253>d<216>
Attributes:
        User-Name = "mikem"
        Calling-Station-Id = "<PC-MAC>"
        Called-Station-Id = "<WLC-MAC>:Prueba"
        NAS-Port = 13
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        Airespace-WLAN-Id = 4
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-IEEE-802-11
        Tunnel-Type = 0:VLAN
        Tunnel-Medium-Type = 0:802
        Tunnel-Private-Group-ID = 509
        Message-Authenticator = <254><179><143><235><1>{Gt<220>H<136><132>$<184>KZ

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>"', Identifier 'EAP-PEAP'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for mikem, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 12, 87, 25
Wed Feb 16 18:20:17 2011: DEBUG: Response type 25
Wed Feb 16 18:20:17 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Wed Feb 16 18:20:17 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <221>b<24><150>N}n-<159><245><25> <216><216><199>H
Attributes:
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        NAS-Port = 13
        Calling-Station-Id = "<PC-MAC>"
        User-Name = "anonymous"

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>",TunnelledByPEAP=1', Identifier 'EAP-MSCHAP-V2'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for anonymous, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 12, 60, 26
Wed Feb 16 18:20:17 2011: DEBUG: Response type 26
Wed Feb 16 18:20:17 2011: DEBUG: Rewrote identity to mikem
Wed Feb 16 18:20:17 2011: DEBUG: Reading users file /etc/radiator/users
Wed Feb 16 18:20:17 2011: DEBUG: Radius::AuthFILE looks for match with mikem [anonymous]
Wed Feb 16 18:20:17 2011: DEBUG: Radius::AuthFILE ACCEPT: : mikem [anonymous]
Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP-V2 Authentication failure
Wed Feb 16 18:20:17 2011: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
Wed Feb 16 18:20:17 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Reject
Identifier: UNDEF
Authentic:  <221>b<24><150>N}n-<159><245><25> <216><216><199>H
Attributes:
        EAP-Message = <4><12><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        Reply-Message = "Request Denied"

Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed Feb 16 18:20:17 2011: DEBUG: Access challenged for mikem: EAP PEAP inner authentication redispatched to a Handler
Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Sending to <WLC-IP> port 32768 ....
Code:       Access-Challenge
Identifier: 132
Authentic:  <129>[<213><243><188><140><211><137><151>n\<8><170><8><232>v
Attributes:
        EAP-Message = <1><13><0>&<25><0><23><3><1><0><27><142><161>LC<17>Mf<13>z<223>s'f<169>m<243><31>p<3><176><238>%<228><1><13>E<214>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Received from <WLC-IP> port 32768 ....
Code:       Access-Request
Identifier: 133
Authentic:  <&,<153><12>#J<149><224><205>m<195><157>O]<255>
Attributes:
        User-Name = "mikem"
        Calling-Station-Id = "<PC-MAC>"
        Called-Station-Id = "<WLC-MAC>:Prueba"
        NAS-Port = 13
        NAS-IP-Address = <WLC-IP>
        NAS-Identifier = "<WLC-1>"
        Airespace-WLAN-Id = 4
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-IEEE-802-11
        Tunnel-Type = 0:VLAN
        Tunnel-Medium-Type = 0:802
        Tunnel-Private-Group-ID = 509
        EAP-Message = <2><13><0>&<25><0><23><3><1><0><27>$<146><203>O<132><10><166><202>5<12>=<173><31><155><17><213><27><205><235><242>m<156><2>sU9:
        Message-Authenticator = :<19>e<28><248><178><134><127><225><13><192><236>m<149><8><241>

Wed Feb 16 18:20:17 2011: DEBUG: Handling request with Handler 'NAS-IP-Address="<WLC-IP>"', Identifier 'EAP-PEAP'
Wed Feb 16 18:20:17 2011: DEBUG:  Deleting session for mikem, <WLC-IP>, 13
Wed Feb 16 18:20:17 2011: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 16 18:20:17 2011: DEBUG: Handling with EAP: code 2, 13, 38, 25
Wed Feb 16 18:20:17 2011: DEBUG: Response type 25
Wed Feb 16 18:20:17 2011: DEBUG: EAP result: 1, PEAP Authentication Failure
Wed Feb 16 18:20:17 2011: DEBUG: AuthBy FILE result: REJECT, PEAP Authentication Failure
Wed Feb 16 18:20:17 2011: INFO: Access rejected for mikem: PEAP Authentication Failure
Wed Feb 16 18:20:17 2011: DEBUG: Packet dump:
*** Sending to <WLC-IP> port 32768 ....
Code:       Access-Reject
Identifier: 133
Authentic:  <139><15>:<199><235><158>(<143><131><134><189><152> 6L<217>
Attributes:
        EAP-Message = <4><13><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        Reply-Message = "Request Denied"


 ######################################################################################################
 ######################################################################################################
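The "Handling with EAP: code 2, 12, 60, 26" lines above are the EAP header fields (Code, Identifier, Length, Type) of each EAP-Message, and the packet dumps print the raw bytes with non-printable bytes as <decimal>. The decoder below is an added example, not Radiator's code or anything from this thread: it turns those dump strings back into bytes and labels the EAP, PEAP and MS-CHAPv2 fields so the inner conversation (Identity, Challenge, Failure) can be followed; the server name "radius-server" in the sample challenge is constructed in place of the redacted <RAD-SERV>.

```python
import re

# Radiator's packet-dump notation (as seen in this thread) writes non-printable
# bytes as <decimal> and printable bytes as themselves. Added example, not
# Radiator code: it only reads the EAP-Message strings from such dumps.
_BYTE_TOKEN = re.compile(r"<(\d{1,3})>")

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP", 26: "MSCHAP-V2"}
MSCHAPV2_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}


def dump_to_bytes(dump: str) -> bytes:
    """Turn '<2><2><0><10><1>mikem' into the raw bytes it denotes."""
    out = bytearray()
    i = 0
    while i < len(dump):
        m = _BYTE_TOKEN.match(dump, i)
        if m and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
            i = m.end()
        else:
            out.append(ord(dump[i]))  # a printable byte, including a bare '<'
            i += 1
    return bytes(out)


def decode_mschapv2(payload: bytes) -> dict:
    """EAP-MSCHAP-V2 body: OpCode, MS-CHAPv2-ID, MS-Length, then opcode data."""
    info = {"opcode": MSCHAPV2_OPCODES.get(payload[0], f"opcode {payload[0]}"),
            "ms_id": payload[1], "ms_length": int.from_bytes(payload[2:4], "big")}
    if payload[0] == 1 and len(payload) >= 5:  # Challenge: Value-Size, Challenge, Name
        value_size = payload[4]
        info["challenge"] = payload[5:5 + value_size].hex()
        info["name"] = payload[5 + value_size:].decode("ascii", "replace")
    return info


def decode_eap(raw: bytes) -> dict:
    """Decode an EAP packet: Code, Identifier, Length, Type, type-specific data.
    A Length field that disagrees with the bytes present is flagged, not hidden."""
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    info = {"code": EAP_CODES.get(code, f"code {code}"), "id": ident,
            "length": length, "length_ok": length == len(raw)}
    if code in (1, 2) and len(raw) >= 5:  # only Request/Response carry a Type
        eap_type, payload = raw[4], raw[5:]
        info["type"] = EAP_TYPES.get(eap_type, f"type {eap_type}")
        if eap_type == 1:
            info["identity"] = payload.decode("ascii", "replace")
        elif eap_type == 25 and payload:  # PEAP flags byte: L M S R R Version
            info["peap"] = {"version": payload[0] & 0x07, "start": bool(payload[0] & 0x20),
                            "more": bool(payload[0] & 0x40), "length_included": bool(payload[0] & 0x80)}
        elif eap_type == 26 and len(payload) >= 4:
            info["mschapv2"] = decode_mschapv2(payload)
    return info


def decode_dump_line(line: str) -> dict:
    """Accept a whole 'EAP-Message = ...' line from a Radiator packet dump."""
    _, _, value = line.partition("=")
    return decode_eap(dump_to_bytes(value.lstrip().rstrip("\r\n")))


if __name__ == "__main__":
    # Lines from this thread's log plus one constructed MS-CHAPv2 challenge
    # ('radius-server' stands in for the redacted <RAD-SERV> name).
    for line in ["EAP-Message = <2><2><0><10><1>mikem",
                 "EAP-Message = <1><3><0><6><25>!",
                 "EAP-Message = <2><11><0><6><1>mikem",
                 "EAP-Message = <1><12><0>'<26><1><12><0>\"<16>@<18>N<3><11>;<247><26><162>w0<3><167>3<223><203>radius-server",
                 "EAP-Message = <4><12><0><4>"]:
        print(decode_dump_line(line))
```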

________________________________________
From: Christian Kratzer [ck at cksoft.de]
Sent: Wednesday, 16 February 2011 16:36
To: Raúl Tejeda Calero
CC: radiator at open.com.au
Subject: Re: [RADIATOR] PEAP Unknown Problem

Hi,

On Wed, 16 Feb 2011, Raúl Tejeda Calero wrote:

> Hi,
>
> I'm still having problems with my PEAP-MSCHAP-V2 configuration.
>
> But the problem seems more complex this time and I'm not sure I understand the process.
>
> The log shows this:
>
> Schema:
> 1) EAPChallenge for mikem
> 2) Access challenged for anonymous: EAP PEAP Challenge
> 3) Access challenged for mikem: EAP PEAP inner authentication redispatched to a Handler
> 4) EAP PEAP inner authentication request for anonymous
> 5) Access challenged for anonymous: EAP MSCHAP-V2 Challenge
> 6) Access challenged for mikem: EAP PEAP inner authentication redispatched to a Handler
> 7) Radius::AuthFILE looks for match with mikem [anonymous]
>    Radius::AuthFILE ACCEPT: : mikem [anonymous]
>    EAP result: 1, EAP MSCHAP-V2 Authentication failure
>
> Thanks for the help.
> Raúl Tejeda
>
> ** Details: **
>
> Radius.cfg:
> ######################################################################################################
> ######################################################################################################
>
> # Basic radius configuration #
>
> # outer auth with just PEAP
> <Handler NAS-IP-Address="<WLC-IP>">
>         <AuthBy FILE>
>                 EAPType PEAP, MSCHAP-V2
>                 Filename %D/users-eap
>                EAPTLS_CAFile %D/certificados/CAxxx.pem
>                EAPTLS_CAPath %D/certificados
>                EAPTLS_CertificateFile %D/certificados/serverxxx.pem
>                EAPTLS_CertificateType PEM
>                EAPTLS_PrivateKeyFile %D/certificados/serverxxx.key
>                EAPTLS_MaxFragmentSize 500
>         </AuthBy>
> </Handler>
>
> # inner auth with MS-CHAP-V2
> <Handler NAS-IP-Address="<WLC-IP>",TunnelledByPEAP=1>
>         <AuthBy FILE>
>                 RewriteUsername s/(.*)\\(.*)/$2/
>                 EAPType MSCHAP-V2
>                 Filename %D/users
>                EAPTLS_CAFile %D/certificados/CAxxx.pem
>                EAPTLS_CertificateFile %D/certificados/serverxxx.pem
>                EAPTLS_CertificateType PEM
>                EAPTLS_PrivateKeyFile %D/certificados/serverxxx.key
>                EAPTLS_MaxFragmentSize 500
>         </AuthBy>
> </Handler>

you might want to do the following:

1. Swap the order of the two handlers so that the more specific TunnelledByPEAP handler
    is checked first.  From looking at your logs it seems all requests go
    into your outer auth handler and thus into the wrong AuthBy FILE.

2. Drop the MSCHAP-V2 from your EAPType list in your outer auth handler.
    It is of no use there as there is no MSCHAP in the outer authentication.

3. Drop all the EAPTLS options from your inner auth as they are no use for MSCHAP.

4. Add identifiers to both handlers so you can more easily identify them in your logs.
    Something like  this for the outer handler

        Identifier EAP-PEAP

    and this for the inner

        Identifier EAP-MSCHAP-V2

This should get you a bit further. If it still does not work post the
new config and the appropriate log and we should see what is happening.

Greetings
Christian Kratzer
CK Software GmbH

--
Christian Kratzer                      CK Software GmbH
Email:   ck at cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer

