I'd like to test this with PEAP/MSCHAP requests if possible. Is there a howto? Clearly I'm down the wrong path here. Matt mda@unb.ca -----Original Message----- From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org [mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org] On Behalf Of Ivan Kalik Sent: Tuesday, June 10, 2008 11:02 AM To: freeradius-users@lists.freeradius.org Subject: RE: FR and PEAP question FreeRADIUS-Proxied-To == 127.0.0.1 will match only for eap requests. You can't test for it with pap requests (radtest). Ivan Kalik Kalik Informatika ISP Dana 10/6/2008, "Matt Ashfield" <mda@unb.ca> piše:
I thought it would get referenced because in my users file I have:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS, unbldap-Ldap-Group == staff, Autz-Type := Ldap1 User-Name=`%{User-Name}`, Tunnel-Private-Group-Id=staff, Tunnel-Type=VLAN, Fall-Through = no
And in huntgroups I have this. Although I am unsure if this is correct. UNBFWSS NAS-IP-Address == 127.0.0.1
Matt mda@unb.ca
-----Original Message----- From: freeradius-users-bounces+mda=unb.ca@lists.freeradius.org [mailto:freeradius-users-bounces+mda=unb.ca@lists.freeradius.org] On Behalf Of Ivan Kalik Sent: Tuesday, June 10, 2008 10:36 AM To: freeradius-users@lists.freeradius.org Subject: RE: FR and PEAP question
The password that is being supplied by radtest is in plain-text, should I be supplying it in ntPassword-encrypted format?
No.
It looks to me like I have something wrong with my authenticate section.
My authorize section looks like: authorize { preprocess chap mschap suffix eap Autz-Type Ldap1 { redundant-load-balance{ unbldap unbldap2 } mschap } }
Not really. You just haven't called that Autz-Type anywhere.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html