'[strongSwan] android client freeradius AD mschapv2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    [strongSwan] android client freeradius AD mschapv2
From:       "=?gb18030?B?t/DAtLfwzfg=?=" <314186514 () qq ! com>
Date:       2019-05-30 3:11:17
Message-ID: tencent_3387C7C8E3EED577B4D3E3D4C147D1197B06 () qq ! com
[Download RAW message or body]

[Attachment #2 (text/plain)]

hi all :


I set up       strongswan ---freeradius ---winbind -----MS AD


Window and   ios  clients  work good.


the  radiusd -Xx    display this :


+++++++++++++++++
Thu May 30 11:01:21 2019 : (5,3)  Auth-Type eap {
Thu May 30 11:01:21 2019 : (5,3)    eap - Peer sent packet with EAP method MSCHAPv2 \
(26) Thu May 30 11:01:21 2019 : (5,3)    eap - Calling submodule eap_mschapv2
Thu May 30 11:01:21 2019 : (5,3)    eap_mschapv2 - Running Auth-Type MS-CHAP from \
file /usr/local/etc/raddb/sites-enabled/default


... ...


Thu May 30 11:01:21 2019 : (5,3)    } # Auth-Type MS-CHAP (ok)



+++++++++++++++++






but  when i use storngSwan VPN Client for Android  




the  radiusd -Xx    display this :


+++++++++++++++++++++++
... ...


Thu May 30 11:00:38 2019 : (2,1)  Auth-Type eap {
Thu May 30 11:00:38 2019 : (2,1)    eap - Peer sent packet with EAP method MD5 (4)
Thu May 30 11:00:38 2019 : (2,1)    eap - Calling submodule eap_md5
Thu May 30 11:00:38 2019 : ERROR: (2,1)    eap_md5 - Cleartext-Password is required \
for EAP-MD5 authentication Thu May 30 11:00:38 2019 : ERROR: (2,1)    eap - Failed in \
EAP MD5 (4) session.  EAP sub-module failed Thu May 30 11:00:38 2019 : ERROR: (2,1)   \
eap - Reply code 0 is unknown, rejecting the request Thu May 30 11:00:38 2019 : (2,1) \
eap - Sending EAP  (code 0) ID 2 length 5 Thu May 30 11:00:38 2019 : (2,1)    eap - \
Cleaning up EAP session Thu May 30 11:00:38 2019 : (2,1)    eap (reject)
Thu May 30 11:00:38 2019 : (2,1)  } # Auth-Type eap (reject)

... ...
+++++++++++++++++++++++




i read  this     https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient



++++++++++++++++
Known Limitations/Issues
Only IKEv2 is supported
Client authentication is limited to:
EAP authentication based on username/password (EAP-MSCHAPv2, EAP-MD5, EAP-GTC)
RSA/ECDSA authentication with private key/certificate
EAP-TLS with private key/certificate (see 1.4.5 for limitations)

++++++++++++++++




what can I do ?




thanks so much!


[Attachment #3 (text/html)]

<div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; \
line-height: 23.8px;">hi all :</div><div style="font-family: 'lucida Grande', \
Verdana, 'Microsoft YaHei'; line-height: 23.8px;"><br></div><div style="font-family: \
'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: 23.8px;">I set up &nbsp; \
&nbsp; &nbsp; strongswan ---freeradius ---winbind -----MS AD</div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;">Window and &nbsp; ios &nbsp;clients &nbsp;work \
good.</div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; \
line-height: 23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, \
'Microsoft YaHei'; line-height: 23.8px;">the &nbsp;radiusd -Xx &nbsp; &nbsp;display \
this :</div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; \
line-height: 23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, \
'Microsoft YaHei'; line-height: 23.8px;">+++++++++++++++++</div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><div style="line-height: 21px;">Thu May 30 11:01:21 2019 : (5,3) \
&nbsp;Auth-Type eap {</div><div style="line-height: 21px;">Thu May 30 11:01:21 2019 : \
(5,3) &nbsp; &nbsp;eap - Peer sent packet with EAP method MSCHAPv2 (26)</div><div \
style="line-height: 21px;">Thu May 30 11:01:21 2019 : (5,3) &nbsp; &nbsp;eap - \
Calling submodule eap_mschapv2</div><div style="line-height: 21px;">Thu May 30 \
11:01:21 2019 : (5,3) &nbsp; &nbsp;eap_mschapv2 - Running Auth-Type MS-CHAP from file \
/usr/local/etc/raddb/sites-enabled/default</div><div style="line-height: \
21px;"><br></div><div style="line-height: 21px;">... ...</div><div \
style="line-height: 21px;"><br></div><div style="line-height: 21px;">Thu May 30 \
11:01:21 2019 : (5,3) &nbsp; &nbsp;} # Auth-Type MS-CHAP (ok)</div></div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
21px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 21px;">+++++++++++++++++</div><div style="font-family: 'lucida \
Grande', Verdana, 'Microsoft YaHei'; line-height: 21px;"><br></div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;"><br></div><div style="font-family: 'lucida Grande', \
Verdana, 'Microsoft YaHei'; line-height: 23.8px;">but &nbsp;when i use storngSwan VPN \
Client for Android &nbsp;</div><div style="font-family: 'lucida Grande', Verdana, \
'Microsoft YaHei'; line-height: 23.8px;"><br></div><div style="font-family: 'lucida \
Grande', Verdana, 'Microsoft YaHei'; line-height: 23.8px;"><br></div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;">the &nbsp;radiusd -Xx &nbsp; &nbsp;display this :</div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;">+++++++++++++++++++++++</div><div style="font-family: \
'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: 23.8px;">... ...</div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;"><div>Thu May 30 11:00:38 2019 : (2,1) &nbsp;Auth-Type \
eap {</div><div>Thu May 30 11:00:38 2019 : (2,1) &nbsp; &nbsp;eap - Peer sent packet \
with EAP method MD5 (4)</div><div>Thu May 30 11:00:38 2019 : (2,1) &nbsp; &nbsp;eap - \
Calling submodule eap_md5</div><div>Thu May 30 11:00:38 2019 : ERROR: (2,1) &nbsp; \
&nbsp;eap_md5 - Cleartext-Password is required for EAP-MD5 \
authentication</div><div>Thu May 30 11:00:38 2019 : ERROR: (2,1) &nbsp; &nbsp;eap - \
Failed in EAP MD5 (4) session. &nbsp;EAP sub-module failed</div><div>Thu May 30 \
11:00:38 2019 : ERROR: (2,1) &nbsp; &nbsp;eap - Reply code 0 is unknown, rejecting \
the request</div><div>Thu May 30 11:00:38 2019 : (2,1) &nbsp; &nbsp;eap - Sending EAP \
&nbsp;(code 0) ID 2 length 5</div><div>Thu May 30 11:00:38 2019 : (2,1) &nbsp; \
&nbsp;eap - Cleaning up EAP session</div><div>Thu May 30 11:00:38 2019 : (2,1) &nbsp; \
&nbsp;eap (reject)</div><div>Thu May 30 11:00:38 2019 : (2,1) &nbsp;} # Auth-Type eap \
(reject)</div></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;">... ...</div><div style="font-family: 'lucida Grande', \
Verdana, 'Microsoft YaHei'; line-height: 23.8px;">+++++++++++++++++++++++</div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;"><br></div><div style="font-family: 'lucida Grande', \
Verdana, 'Microsoft YaHei'; line-height: 23.8px;">i read &nbsp;this &nbsp; \
&nbsp;&nbsp;<a href="https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient" \
rel="noopener" target="_blank" style="outline: none; cursor: pointer; color: rgb(78, \
93, 128);">https://wiki<wbr>.strongswan.<wbr>org/projects<wbr>/strongswan/<wbr>wiki/Android<wbr>VPNClient</a></div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;">++++++++++++++++</div><div style="font-family: 'lucida \
Grande', Verdana, 'Microsoft YaHei'; line-height: 23.8px;"><div>Known \
Limitations/Issues</div><div>Only IKEv2 is supported</div><div>Client authentication \
is limited to:</div><div>EAP authentication based on username/password (EAP-MSCHAPv2, \
EAP-MD5, EAP-GTC)</div><div>RSA/ECDSA authentication with private \
key/certificate</div><div>EAP-TLS with private key/certificate (see 1.4.5 for \
limitations)</div></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;">++++++++++++++++</div><div style="font-family: 'lucida \
Grande', Verdana, 'Microsoft YaHei'; line-height: 23.8px;"><br></div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;">what can I do ?</div><div style="font-family: 'lucida \
Grande', Verdana, 'Microsoft YaHei'; line-height: 23.8px;"><br></div><div \
style="font-family: 'lucida Grande', Verdana, 'Microsoft YaHei'; line-height: \
23.8px;"><br></div><div style="font-family: 'lucida Grande', Verdana, 'Microsoft \
YaHei'; line-height: 23.8px;">thanks so much!</div><div style="font-family: 'lucida \
Grande', Verdana, 'Microsoft YaHei'; line-height: 23.8px;"><br></div></div>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic