Hi, is there a way, to tell the freeradius to accept an incoming peap request, without asking for user credentials, or to accept any credentials? Currently needed to use the credentials guest/guest. It would be simpler to accept any credentials, without loosing the encryption. Thanks Windows XP (SP2) as default it tries to sends the local credentials, but of course they are getting rejected. The Auth-Type := Accept accepts the Login (I also get a "Login OK" msg.) but it doesn't tunnel and Accept them fully. Cheers Sebastian Müller www.sophieneck-berlin.de
Hello,
Hi, is there a way, to tell the freeradius to accept an incoming peap request, without asking for user credentials, or to accept any credentials?
No, I don't think so.
Currently needed to use the credentials guest/guest. It would be simpler to accept any credentials, without loosing the encryption.
The problem is, encryption is based on the clear-text user password, so this _must_ be stored on the server somehow (e.g. by using guest/guest). While you can accept arbitrary PEAP requests, there's no way to extract the clear text password from the request, thus the server can't get the key for the encryption. HTH, Stefan
Hi, I thought the username/passwd is transfered while the shake-hand. So it wouldn't be able to reuse this transfered (encrypted or not) password for the connection? - Any maybe store it in a database for some time. I am no crypt-expert, so I don't know if the user-password is transfered crypted or not. When I look in my radius log, it shows me the clear-text password of everyone who tries to auth. I would use that transfer to copy username & Passwd and store it in a db, so for the rest of the auth and autz the server would have the passwd. ... or am i wrong in my mind? cu Sebastian On Fri, 2005-09-16 at 13:12 +0200, Stefan.Neis@t-online.de wrote:
Hello,
Hi, is there a way, to tell the freeradius to accept an incoming peap request, without asking for user credentials, or to accept any credentials?
No, I don't think so.
Currently needed to use the credentials guest/guest. It would be simpler to accept any credentials, without loosing the encryption.
The problem is, encryption is based on the clear-text user password, so this _must_ be stored on the server somehow (e.g. by using guest/guest). While you can accept arbitrary PEAP requests, there's no way to extract the clear text password from the request, thus the server can't get the key for the encryption.
HTH, Stefan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Sebastian Müller -
Stefan.Neis@t-online.de