Help Using PEAP with Unix Password

Duc Nguyen duc at echoengineering.com
Fri Aug 10 20:43:43 CEST 2007


Hi,

I'm running FreeRadius 1.0.1-3 on CentOS4 and I'm trying to configure my 
wireless network to authenticate users with PEAP-MSCHAPv2 using their 
unix username/password. Here are some of the things that I did:
- I set the deafult eap type in eap.conf to be peap and set peap to use 
mschapv2
- I also configured the ms-chap module in the modules section in 
radiusd.conf file and enabled mschap in the authorize section in 
radiusd.conf.

Based on the debugging log when I ran /usr/sbin/radius -X, I could see 
that my username matched the DEFAULT that was the system user. However, 
it did not authenticate. In the mschap module of the radiusd.conf file, 
I also tried using a different authtype to override the default MS-CHAP, 
but that didn't work either. I even tried using the etc_smbpasswd module 
that they have(not in the mschap module but outside of it and enabled it 
in the authorize section) but that didn't work either. From what I 
understand and I maybe wrong on this, with PEAP, I don't have to use 
certificates with the clients so I didn't copy any certificate to the 
client laptop. I'm pretty much out of ideas to try. The one time that it 
did work was when I have the username and password in clear text in the 
radius users file.

So my question is: Is PEAP with unix password is possible? Has anyone 
done this? If so, can you shed some light on this topic or point me to a 
tutorial somewhere? I haven't found any that pertains to this particular 
topic yet.

Thanks in advance for any help

-duc



More information about the Freeradius-Users mailing list