PEAP mschapv2 using xp native supplicant

Ryan Setiawan H ryan.setiawan at banknisp.com
Fri Aug 1 05:12:03 CEST 2008


Oh, and also, when using the users file PEAP just runs with no problem; the 
problem arises only when using LDAP.
Thanks

Ryan Setiawan H wrote:
> Hi all,
>    I'm using EAP for authentication on a wired connection (using 
> FreeRADIUS 2.0.5 and an LDAP backend). Most of our clients are Windows 
> machines, so there's little choice for using EAP, that is EAP-MD5 and 
> PEAP MSCHAPv2.
>    Using EAP-MD5 there isn't any problem; the problem begins with PEAP 
> MSCHAPv2.
>
> The debug:
> -----------------------------------------------------------------
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=dialup,dc=xxx,dc=com, with filter 
> (uid=testing)
> rlm_ldap: checking if remote access for testing is allowed by uid
> rlm_ldap: Added User-Password = Testing10 in check items
> ---------------------------------------------------------------
> Clearly FreeRADIUS can see the password, and it is also clear text :)
> Below I also add the Samba schema that contains the LM and NT password
> ---------------------------------------------------------------
> rlm_ldap: looking for check items in directory...
> rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute 
> Login-Time == "Wk0800-1800"
> rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 
> 0x54657374696e6731
> rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 
> 0x54657374696e6731
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS 
> attribute Tunnel-Private-Group-Id:0 = "101"
> rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute 
> Tunnel-Medium-Type:0 = IEEE-802
> rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute 
> Tunnel-Type:0 = VLAN
> rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute 
> Framed-Protocol = PPP
> rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute 
> Service-Type = Framed-User
> rlm_ldap: user testing authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> -------------------------------------------------------------------
> The mschap module says there is no clear text password and also can't 
> create the LM and NT password
> -------------------------------------------------------------------
>    +- entering group MS-CHAP
>  rlm_mschap: No Cleartext-Password configured.  Cannot create 
> LM-Password.
>  rlm_mschap: No Cleartext-Password configured.  Cannot create 
> NT-Password.
>  rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
>  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] returns reject
>  rlm_eap: Freeing handler
> ++[eap] returns reject
> auth: Failed to validate the user.
> Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix 
> port 0)
>  PEAP: Tunneled authentication was rejected.
>
> Can anyone help? Thanks
>
>
> Ryan Setiawan H
>

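A check over the rlm_ldap debug output quoted in this message, added here as an example (it is not part of the original post or of FreeRADIUS): it decodes the logged NT-Password and LM-Password values and reports any that are not 16 bytes, the length of an NT or LM hash. The function name `audit_hash_attrs` is an assumption of this example, and the sample text is copied from the log lines above.

```python
import re

# Constructed sample: the rlm_ldap lines from the debug output quoted above,
# including the mail client's line wraps and "> " quote prefixes.
SAMPLE_DEBUG = """\
> rlm_ldap: Added User-Password = Testing10 in check items
> rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
> 0x54657374696e6731
> rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
> 0x54657374696e6731
"""

HASH_LEN = 16  # NT and LM hashes are 16 bytes each (32 hex digits)
ATTR_RE = re.compile(r"\b(NT-Password|LM-Password)\s*==\s*0x([0-9a-fA-F]*)")
CLEAR_RE = re.compile(r"Added User-Password = (\S+) in check items")


def audit_hash_attrs(debug_text):
    """Return [(attribute, [problems])] for each logged NT-/LM-Password."""
    # Drop quote prefixes, then rejoin wrapped lines so "== 0x..." matches.
    text = re.sub(r"^[> ]+", "", debug_text, flags=re.M)
    text = re.sub(r"\s*\n\s*", " ", text)
    m = CLEAR_RE.search(text)
    cleartext = m.group(1) if m else None
    findings = []
    for attr, hexval in ATTR_RE.findall(text):
        if len(hexval) % 2:
            findings.append((attr, ["odd number of hex digits"]))
            continue
        raw = bytes.fromhex(hexval)
        problems = []
        if len(raw) != HASH_LEN:
            problems.append("%d bytes, expected %d" % (len(raw), HASH_LEN))
        if raw and raw.isascii() and raw.decode("ascii").isprintable():
            shown = raw.decode("ascii")
            problems.append("decodes to printable ASCII %r" % shown)
            if cleartext and cleartext.startswith(shown):
                problems.append("is a prefix of the logged User-Password")
        findings.append((attr, problems))
    return findings


if __name__ == "__main__":
    for attr, problems in audit_hash_attrs(SAMPLE_DEBUG):
        print(attr, "OK" if not problems else "; ".join(problems))
```

On the values in this thread, both attributes decode to the 8-character string `Testing1` rather than to a 16-byte hash.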