Hello, Am 2016-10-27 14:14, schrieb Alan DeKok:
Because MS-CHAPv2 doesn't supply a password.
The simple answer is that you should give the password to FreeRADIUS, and let FreeRADIUS authenticate the user. You shouldn't write a Perl script to do the authentication.
What would you recommend to let FreeRadius authenticate the user? LDAP or users file or something else?
The perl script is for a custom type of authentication only.
It will only work for PAP authentication.
Actually I plan to poke around with EAP-TTLS and PAP first, then and see how this goes.
In short, EAP-TTLS and PEAP set up a TLS connection between the PC and the RADIUS server. Authentication normally requires a name, so that is the "outer' one. When the TLS session is set up, the *real* name and password are sent inside of the TLS connection. That is the "inner" identity.
Thanks :). So this means I configure the default virtual server to do TTLS and the inner virtual server to do PAP? Then if I do this with rlm_perl I would write Auth-Type PAP { perl } in the inner-tunnel config. In the default config I guess I'd have to put eap in the authenticate section. Is this correct? With kind regards Marlen Caemmerer -- ************************************************ Alice Salomon Hochschule Computerzentrum Marlen Caemmerer Alice-Salomon-Platz 5 12627 Berlin Email: caemmerer@ash-berlin.eu ************************************************