Testing mschapv2 with custom radius attributes

Munroe Sollog mus3 at lehigh.edu
Mon Oct 12 22:22:41 CEST 2020


I guess I'm guilty of asking an X-Y question.  So let's try again.  In
following this guide:
https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind I
configured a freeradius server to authenticate against active directory.
However, I made a tweak to make authentication dependent on a custom VSA
"Aruba-Essid-Name".  With that tweak the guide's advice for testing using
radtest to confirm the configuration doesn't work since radtest doesn't
seem to support manually setting the above VSA.  Elsewhere on the wiki I
see references to radclient, radeapclient, eapol_test and rad_eap_test.  I
have been unable to wrangle any of these tools correctly to test that my
freeradius configuration is behaving as I want it to.  Any help would be
appreciated.  Thanks in advance.

On Mon, Oct 12, 2020 at 3:34 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Oct 12, 2020, at 1:29 PM, Munroe Sollog <mus3 at lehigh.edu> wrote:
> >
> > radclient does do a better job of sending the attributes as expected,
>
>   That's good.
>
> > however I can't figure out how to construct a PEAP-mschapv2 packet to
> > actually allow the auth to succeed.
>
>   Because radclient doesn't do PEAP.
>
>   Why ask about MS-CHAPv2 if you're *actually* doing PEAP?
>
>   And why ask on the FreeRADIUS list how to use a non-FreeRADIUS piece of
> software?
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Munroe Sollog (He/Him/His)
Senior Network Engineer
munroe at lehigh.edu


More information about the Freeradius-Users mailing list