carnold@dancon.com wrote:
1) Does the current FreeRadius download have this capability and I just need to configure it correctly?
No.
3) [to the developers] In the processing eap\leap authentication request within the code does the username and password get decoded to plain text in a variable if authenticated to the local users file?
No.
C file and line number, please.
grep?
If I am not able to get this working, I am looking at having to purchase 10 copies of Cisco's ACS at $4K each. I would like to avoid the cost and provide wireless authentication at each of my facilities.
Geez, for that, hire someone to add the functionality to FreeRADIUS. For $40K, I'm sure you'll find someone to do the job. :) You'll need to supply packet traces from ACS, with both the input LEAP packets & output MSCHAP packets, including RADIUS shared secrets & user passwords. After that, the implementation should be relatively trivial in FreeRADIUS. The EAP-MSCHAPv2 module in FreeRADIUS already does something similar, so precedent is there. And bugzilla has patches to proxy EAP-MD5 as CHAP, too. Alan DeKok.