eap\leap proxy
Alan DeKok
aland at ox.org
Wed Nov 30 18:21:54 CET 2005
carnold at dancon.com wrote:
> 1) Does the current FreeRadius download have this capability and I just
> need to configure it correctly?
No.
> 3) [to the developers] In the processing eap\leap authentication request
> within
> the code does the username and password get decoded to plain text in a
> variable
> if authenticated to the local users file?
No.
> C file and line number, please.
grep?
> If I am not able to get this working, I am looking at having to purchase 10
> copies
> of Cisco's ACS at $4K each. I would like to avoid the cost and provide
> wireless
> authentication at each of my facilities.
Geez, for that, hire someone to add the functionality to FreeRADIUS.
For $40K, I'm sure you'll find someone to do the job. :)
You'll need to supply packet traces from ACS, with both the input
LEAP packets & output MSCHAP packets, including RADIUS shared secrets
& user passwords. After that, the implementation should be relatively
trivial in FreeRADIUS.
The EAP-MSCHAPv2 module in FreeRADIUS already does something
similar, so precedent is there. And bugzilla has patches to proxy
EAP-MD5 as CHAP, too.
Alan DeKok.
More information about the Freeradius-Users
mailing list