Hi,
I ultimately want to use FreeRADIUS to authenticate user logins to my Cisco infrastructure, VPN connections to my ASA, and MS-PEAP for WiFi. Currently I'm just trying to run a test connection from my ASA firewall using the RADIUS test built in:
test aaa-server authorization RADIUS host 172.18.2.100 username spickles
yes. thats just a PAP test....so its not going to work. you need to validate the system first by using eg rad_eap_test, eapol_test or somesuch locally...from localhost. (eapol_test can use nice config files as per found in the src/tests directory of freeradius once you pass that testing phase, THEN send requests from other boxes. you can verify local policies by eg changing localhost to point to another virtual_server in clients.conf
This is expected and the default is then '00' based on the setting 'ntlm_auth : EXPAND --challenge=%{%{mschap:Challenge}:-00}'. So I guess at this point I'm looking for some guidance on how I can make all of this work because the RADIUS test isn't going to send an MS-CHAP challenge. Do I need to modify the ntlm_auth configuration to include a 'password' option?
its a PAP request...for such requests you'll have to have a different configuration - call another module with a dumber ntlm_auth line....or configure kerberos on the box and use the krb5 routines. alan