RE: Machine auth without cert - EAP-PEAP/MSCHAPV2
Hi Ryan,
What you're trying to do is impossible. MS-CHAPv2 is a mutual
authentication protocol, meaning that FreeRADIUS needs to demonstrate
knowledge of the password to the machine.
josh.
> -----Original Message-----
> From:
> freeradius-users-bounces+josh.howlett=ja.net@lists.freeradius.
> org
> [mailto:freeradius-users-bounces+josh.howlett=ja.net@lists.fre
eradius.org] On Behalf Of Ryan Kramer
> Sent: 25 February 2008 21:05
> To: jvieira@clarku.edu; FreeRadius users mailing list
> Subject: Machine auth without cert - EAP-PEAP/MSCHAPV2
>
> I've been experimenting with machine auth without using a
> cert, but I seem to be stuck on the fact that FreeRadius will
> not authenticate a local user.
>
> I see the request come across through debugging with a
> username of "host/mymachine.mydomain.com", and no password,
> and in my users file I have
>
> "host/mymachine.mydomain.com" Cleartext-Password="",
> Auth-Type := Local, MS-CHAP-Use-NTLM-Auth := 0
> Filter-ID = "WIRELESS-USER",
> Fall-Through = 0
>
> but for some reason it never authenticates... I've tried
> every both without the MS-CHAP option, that doesn't seem to
> change it. Also tried User-Password instead of cleartext
> password, no change. Any suggestions?
>
> Ryan
>
>
>
>
>
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.