What you're attempting to do is impossible because MS-CHAP is a mutual authentication protocol. If the RADIUS server does not demonstrate knowledge of the password to the supplicant, a well-behaved the supplicant *should* refuse the connection. (I also wouldn't be surprised if the RADIUS server barfs because it can't get a valid user-password in order to construct the authentication response but I can't comment authoritatively on this). Finally, you can't authenticate MS-CHAP against /etc/passwd or /etc/shadow; MS-CHAP requires access to the cleartext password or its NTLM hash. josh.
-----Original Message----- From: freeradius-users-bounces+josh.howlett=ja.net@lists.freeradius. org [mailto:freeradius-users-bounces+josh.howlett=ja.net@lists.fre eradius.org] On Behalf Of Adrienne Rau Sent: 03 July 2007 19:30 To: freeradius-users@lists.freeradius.org Subject: RADIUS & PEAP
I am configuring a wireless network with EAP Authentication. I can connect successfully with the following line in my users file.
testuser User-Password == "testing"
I would like to be able to authenticate with ANY password. I tried using the "!=" operand, but that causes an MS-CHAP incorrect response error. Is there any way to make EAP authenticate with any password. If not, how can I have it authenticate against the /etc/passwd and /etc/shadow files?
Thank you for your help, Adrienne Rau
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html