Am 11.06.2008 um 14:48 schrieb Matt Ashfield:
Hi
I’m still trying to get this working. I’m using an XP machine plugged into an edge switch acting as a NAS. I’m using the PEAP/ MSCHAP in XP to authenticate against an LDAP directory. In that directory, we have created an attribute called ntPasssword which I have populated with the word ‘password’ (create, I know!). Below is what I get when I run in debug mode.
You have coded "Password" in UTF-16LE and applied the MD4 hash on it, before putting it in "ntPassword", haven't you? Have a nice day!
In ldap.attrmap I have the line:
checkItem NT-Password ntPassword
in radiusd.conf in my ldap declaration, I have:
password_attribute = ntPassword
I can’t quite figure out what’s going on below. Looks to me like the passwords are not matching. Any advice is appreciated.
Thanks
[...]
Matt
mda@unb.ca
-----Original Message----- From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org [mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org] On Behalf Of Ivan Kalik Sent: Tuesday, June 10, 2008 11:21 AM To: freeradius-users@lists.freeradius.org Subject: RE: FR and PEAP question
eapol_test from wpa_supplicant
JRadius Simulator
Ivan Kalik
Kalik Informatika ISP
Dana 10/6/2008, "Matt Ashfield" <mda@unb.ca> piše:
I'd like to test this with PEAP/MSCHAP requests if possible. Is there a
howto? Clearly I'm down the wrong path here.
Matt
mda@unb.ca
-----Original Message-----
From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org
[mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org] On Behalf
Of Ivan Kalik
Sent: Tuesday, June 10, 2008 11:02 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: FR and PEAP question
FreeRADIUS-Proxied-To == 127.0.0.1 will match only for eap requests. You
can't test for it with pap requests (radtest).
Ivan Kalik
Kalik Informatika ISP
Dana 10/6/2008, "Matt Ashfield" <mda@unb.ca> piše:
I thought it would get referenced because in my users file I have:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS,
unbldap-Ldap-Group == staff, Autz-Type := Ldap1
User-Name=`%{User-Name}`,
Tunnel-Private-Group-Id=staff,
Tunnel-Type=VLAN,
Fall-Through = no
And in huntgroups I have this. Although I am unsure if this is correct.
UNBFWSS NAS-IP-Address == 127.0.0.1
Matt
mda@unb.ca
-----Original Message-----
From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org
[mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org] On Behalf
Of Ivan Kalik
Sent: Tuesday, June 10, 2008 10:36 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: FR and PEAP question
The password that is being supplied by radtest is in plain-text, should I
be
supplying it in ntPassword-encrypted format?
No.
It looks to me like I have something wrong with my authenticate section.
My authorize section looks like:
authorize {
preprocess
chap
mschap
suffix
eap
Autz-Type Ldap1 {
redundant-load-balance{
unbldap
unbldap2
}
mschap
}
}
Not really. You just haven't called that Autz-Type anywhere.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
-
List info/subscribe/unsubscribe? See
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841