[strongSwan] android client freeradius AD mschapv2

佛来佛网 314186514 at qq.com
Thu May 30 05:11:17 CEST 2019 

hi all :


I set up       strongswan ---freeradius ---winbind -----MS AD


Window and   ios  clients  work good.


the  radiusd -Xx    display this :


+++++++++++++++++
Thu May 30 11:01:21 2019 : (5,3)  Auth-Type eap {
Thu May 30 11:01:21 2019 : (5,3)    eap - Peer sent packet with EAP method MSCHAPv2 (26)
Thu May 30 11:01:21 2019 : (5,3)    eap - Calling submodule eap_mschapv2
Thu May 30 11:01:21 2019 : (5,3)    eap_mschapv2 - Running Auth-Type MS-CHAP from file /usr/local/etc/raddb/sites-enabled/default


... ...


Thu May 30 11:01:21 2019 : (5,3)    } # Auth-Type MS-CHAP (ok)



+++++++++++++++++






but  when i use storngSwan VPN Client for Android  




the  radiusd -Xx    display this :


+++++++++++++++++++++++
... ...


Thu May 30 11:00:38 2019 : (2,1)  Auth-Type eap {
Thu May 30 11:00:38 2019 : (2,1)    eap - Peer sent packet with EAP method MD5 (4)
Thu May 30 11:00:38 2019 : (2,1)    eap - Calling submodule eap_md5
Thu May 30 11:00:38 2019 : ERROR: (2,1)    eap_md5 - Cleartext-Password is required for EAP-MD5 authentication
Thu May 30 11:00:38 2019 : ERROR: (2,1)    eap - Failed in EAP MD5 (4) session.  EAP sub-module failed
Thu May 30 11:00:38 2019 : ERROR: (2,1)    eap - Reply code 0 is unknown, rejecting the request
Thu May 30 11:00:38 2019 : (2,1)    eap - Sending EAP  (code 0) ID 2 length 5
Thu May 30 11:00:38 2019 : (2,1)    eap - Cleaning up EAP session
Thu May 30 11:00:38 2019 : (2,1)    eap (reject)
Thu May 30 11:00:38 2019 : (2,1)  } # Auth-Type eap (reject)

... ...
+++++++++++++++++++++++




i read  this     https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient


++++++++++++++++
Known Limitations/Issues
Only IKEv2 is supported
Client authentication is limited to:
EAP authentication based on username/password (EAP-MSCHAPv2, EAP-MD5, EAP-GTC)
RSA/ECDSA authentication with private key/certificate
EAP-TLS with private key/certificate (see 1.4.5 for limitations)

++++++++++++++++




what can I do ?




thanks so much!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190530/8f27ca53/attachment.html>

More information about the Users mailing list