<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<META NAME="Generator" CONTENT="MS Exchange Server version 08.00.0681.000">
<TITLE>RE: FR and PEAP question</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">Hi</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">I</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">’</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">m still trying to get this working. I</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">’</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">m using an XP</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">machine</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> plugged into an edge switch acting as a NAS. I</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">’</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">m using the PEAP/MSCHAP in XP to authenticate against an LDAP directory. In that directory, we have created an attribute called ntPasssword</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">which I have populated with</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">the</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> word</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">‘</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">password</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">’</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> (create, I know!). Below is what</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">I</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> get when I run in debug mode.</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">In ldap.attrmap I have the line:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">checkItem NT-Password ntPassword</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">in</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">radius</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">d.conf</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">in my ldap declaration,</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">I have:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">password_attribute = ntPassword</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">I can</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">’</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">t quite figure out what</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">’</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">s going on below. Looks to</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">me like</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> the passwords are not matching. Any advice is appreciated.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Thanks</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<BR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">rad_recv: Access-Request packet from host</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT SIZE=1 FACE="Courier New">11.2.19.3</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> port 2048, id=3, length=102</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> NAS-IP-Address =</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT SIZE=1 FACE="Courier New">11.2.19.3</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> NAS-Port-Type = Ethernet</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> Service-Type = Framed-User</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> Message-Authenticator = 0xfbe3f8eb4dd656189f641a6aef2a8e59</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> NAS-Port = 2</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> Framed-MTU = 1490</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> User-Name = "mda"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> Calling-Station-Id = "00-11-25-81-1D-DA"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> EAP-Message = 0x02030008016d6461</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: +- entering group authorize</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: ++[preprocess] returns ok</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_realm: No '@' in User-Name = "mda", looking up realm NULL</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_realm: No such realm "NULL"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: ++[suffix] returns noop</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: calling unbldap (rlm_ldap) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: - authorize</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: performing user authorization for mda</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: WARNING: Deprecated conditional expansion ":-". See "man unlang" for details</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=mda)</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: expand: ou=people,dc=unb,dc=ca -> ou=people,dc=unb,dc=ca</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: performing search in ou=people,dc=unb,dc=ca, with filter (uid=mda)</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: Added User-Password = å,¬gA??"J;???¦Ëm in check items</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: looking for check items in directory...</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0xe52cac67419a9a224a3b108f3fa6cb6d</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: looking for reply items in directory...</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: user mda authorized to use remote access</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: returned from unbldap (rlm_ldap) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: ++[unbldap] returns ok</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: ++[mschap] returns noop</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: ++[mschap] returns noop</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: ++[files] returns noop</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: !!! Replacing User-Password in config items with Cleartext-Password. !!!</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: !!! Please update your configuration so that the "known good" !!!</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: auth: type Local</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: auth: No User-Password or CHAP-Password attribute in the request</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: auth: Failed to validate the user.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Auth: Login incorrect: [mda] (from client hh932 port 2 cli 00-11-25-81-1D-DA)</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: Delaying reject of request 1 for 1 seconds</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: Going to the next request</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:02 2008 : Debug: Waking up in 0.9 seconds.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:03 2008 : Debug: Sending delayed reject for request 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Sending Access-Reject of id 3 to</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT SIZE=1 FACE="Courier New">11.2.19.3</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New"> port 2048</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:03 2008 : Debug: Waking up in 4.9 seconds.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:08 2008 : Debug: Cleaning up request 1 ID 3 with timestamp +355</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT SIZE=1 FACE="Courier New">Wed Jun 11 09:42:08 2008 : Debug: Ready to process requests.</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">Matt </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">mda@unb.ca</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">-----Original Message-----<BR>
From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org [<A HREF="mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org">mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org</A>] On Behalf Of Ivan Kalik<BR>
Sent: Tuesday, June 10, 2008 11:21 AM<BR>
To: freeradius-users@lists.freeradius.org<BR>
Subject: RE: FR and PEAP question</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">eapol_test from wpa_supplicant</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">JRadius Simulator</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">Ivan Kalik</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">Kalik Informatika ISP</FONT></SPAN></P>
<BR>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">Dana 10/6/2008, "Matt Ashfield" <mda@unb.ca> piše:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>I'd like to test this with PEAP/MSCHAP requests if possible. Is there a</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>howto? Clearly I'm down the wrong path here.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>Matt </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>mda@unb.ca</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>-----Original Message-----</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>[<A HREF="mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org">mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org</A>] On Behalf</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>Of Ivan Kalik</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>Sent: Tuesday, June 10, 2008 11:02 AM</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>To: freeradius-users@lists.freeradius.org</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>Subject: RE: FR and PEAP question</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>FreeRADIUS-Proxied-To == 127.0.0.1 will match only for eap requests. You</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>can't test for it with pap requests (radtest).</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>Ivan Kalik</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>Kalik Informatika ISP</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>Dana 10/6/2008, "Matt Ashfield" <mda@unb.ca> piše:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>I thought it would get referenced because in my users file I have:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS,</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>unbldap-Ldap-Group == staff, Autz-Type := Ldap1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>> User-Name=`%{User-Name}`,</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>> Tunnel-Private-Group-Id=staff,</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>> Tunnel-Type=VLAN,</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>> Fall-Through = no</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>And in huntgroups I have this. Although I am unsure if this is correct.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>UNBFWSS NAS-IP-Address == 127.0.0.1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>Matt</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>mda@unb.ca</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>-----Original Message-----</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>[<A HREF="mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org">mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org</A>] On Behalf</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>Of Ivan Kalik</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>Sent: Tuesday, June 10, 2008 10:36 AM</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>To: freeradius-users@lists.freeradius.org</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>Subject: RE: FR and PEAP question</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>>The password that is being supplied by radtest is in plain-text, should I</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>be</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>>supplying it in ntPassword-encrypted format?</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>No.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>>It looks to me like I have something wrong with my authenticate section.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>>My authorize section looks like:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>>authorize {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> preprocess</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> chap</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> mschap</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> suffix</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> eap</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> Autz-Type Ldap1 {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> redundant-load-balance{</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> unbldap</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> unbldap2</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> }</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> mschap</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>> }</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>>}</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>Not really. You just haven't called that Autz-Type anywhere.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>Ivan Kalik</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>Kalik Informatika ISP</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>-</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>>List info/subscribe/unsubscribe? See</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>><A HREF="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>-</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>List info/subscribe/unsubscribe? See</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">><A HREF="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>-</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">>List info/subscribe/unsubscribe? See <A HREF="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">-</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">List info/subscribe/unsubscribe? See <A HREF="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A></FONT></SPAN></P>
</BODY>
</HTML>