Machine auth without cert - EAP-PEAP/MSCHAPV2

Josh Howlett Josh.Howlett at ja.net
Mon Feb 25 22:10:10 CET 2008


Hi Ryan,

What you're trying to do is impossible. MS-CHAPv2 is a mutual
authentication protocol, meaning that FreeRADIUS needs to demonstrate
knowledge of the password to the machine.

josh. 

> -----Original Message-----
> From: freeradius-users-bounces+josh.howlett=ja.net at lists.freeradius.org
> [mailto:freeradius-users-bounces+josh.howlett=ja.net at lists.freeradius.org] On Behalf Of Ryan Kramer
> Sent: 25 February 2008 21:05
> To: jvieira at clarku.edu; FreeRadius users mailing list
> Subject: Machine auth without cert - EAP-PEAP/MSCHAPV2
> 
> I've been experimenting with machine auth without using a 
> cert, but I seem to be stuck on the fact that FreeRadius will 
> not authenticate a local user.
> 
> I see the request come across through debugging with a 
> username of "host/mymachine.mydomain.com", and no password, 
> and in my users file I have
> 
> "host/mymachine.mydomain.com" Cleartext-Password="", Auth-Type := Local, MS-CHAP-Use-NTLM-Auth := 0
>         Filter-ID = "WIRELESS-USER",
>         Fall-Through = 0
> 
> but for some reason it never authenticates...  I've tried 
> both with and without the MS-CHAP option; that doesn't seem to 
> change it.  Also tried User-Password instead of Cleartext-Password, 
> no change.  Any suggestions?
> 
> Ryan

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG