wpa2 freeradius peap rlm_perl

Ray Eads REads at sno-isle.org
Sat Dec 10 04:09:54 CET 2011


Hi.  I have discovered that my goal is possible.  However, I had to change the way I was thinking about the authentication.  Essentially, the rlm_perl script does not perform the password comparison--it only retrieves the password and makes it available to the mschap module. 

Summary:  Yes, you can authenticate Windows clients with WPA2 PEAP using a perl script.



--
Ray Eads




-----Original Message-----
From: freeradius-users-bounces+reads=sno-isle.org at lists.freeradius.org [mailto:freeradius-users-bounces+reads=sno-isle.org at lists.freeradius.org] On Behalf Of Ray Eads
Sent: Monday, December 05, 2011 14:30
To: 'freeradius-users at lists.freeradius.org'
Subject: wpa2 freeradius peap rlm_perl


Hi.  I'm using freeradius-2.1.10-5.el6.x86_64 from RHEL 6.  I'd like to use freeradius to accomplish a specific authentication goal, and haven't met with success yet.  I'm assuming this is either because the configuration is difficult, or I'm trying to solve the problem the wrong way, or I don't understand the protocols, or a combination of all three.

Essentially, I'd like to have an access point offer WPA2 Enterprise authentication to wireless devices of various makes and models.  I'd like the user to submit for traditional username/password authentication to the radius server (without a client side certificate).  I'm able to produce a yes/no answer with an rlm_perl script that functions as expected with a normal radius query.  My problem is that I haven't been able to connect that rlm script properly when freeradius is contacted as part of an EAP message.  

From what I can tell, my choice of Windows compatible EAP types is fairly limited.  I've used PEAP in the past, but only with the intended AD repository of passwords.  With this application, I'd like to use the rlm_perl script instead of AD accounts as a source of usernames and passwords.

Big picture-wise, am I on the right path, or is this fundamentally the wrong way? I'm imagining a PEAP -> rlm_perl configuration.  
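
The approach described in the reply at the top of this thread, as an added example that is not part of the original post and is not FreeRADIUS's own code: an rlm_perl `authorize` function that only retrieves the password and hands it to the server as a check item, leaving the comparison to the mschap module. It assumes the `perl` module is listed in the `authorize` section of the virtual server that handles the PEAP inner tunnel; `%USERS` and `lookup_password` are hypothetical stand-ins for the real credential store.

```perl
# Added example for rlm_perl (FreeRADIUS 2.x); not from the original post.
use strict;
use warnings;

# Hashes that rlm_perl shares with the server for each request.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

# rlm_perl return codes, as defined in the example.pl shipped with FreeRADIUS.
use constant RLM_MODULE_REJECT   => 0;
use constant RLM_MODULE_NOTFOUND => 6;
use constant RLM_MODULE_UPDATED  => 8;

# Constructed sample data standing in for the real credential store.
my %USERS = (
    'alice' => 'correct horse battery staple',
);

# Hypothetical helper: return the stored password for a user, or undef.
sub lookup_password {
    my ($user) = @_;
    return $USERS{$user};
}

# Called from the authorize section. It never compares passwords: inside
# PEAP the client sends an MS-CHAPv2 response, not the password itself,
# so there is nothing here to compare against.
sub authorize {
    my $user = $RAD_REQUEST{'User-Name'};
    return RLM_MODULE_NOTFOUND unless defined $user && length $user;

    my $password = lookup_password($user);
    return RLM_MODULE_NOTFOUND unless defined $password;

    # Publish the known-good password as a check item; the mschap module
    # uses it later to verify the client's challenge response.
    $RAD_CHECK{'Cleartext-Password'} = $password;
    return RLM_MODULE_UPDATED;
}

# Fail closed if this module is ever selected to authenticate directly:
# the password check belongs to mschap, not to this script.
sub authenticate {
    return RLM_MODULE_REJECT;
}

1;
```

MS-CHAPv2 can only be verified against the cleartext password or its NT hash, so a backend that stores only salted one-way hashes cannot supply what mschap needs in this setup.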




