Help Using PEAP with Unix Password
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Fri Aug 10 21:09:52 CEST 2007
Duc Nguyen wrote:
> Hi,
>
> I'm running FreeRadius 1.0.1-3 on CentOS4 and I'm trying to configure my
> wireless network to authenticate users with PEAP-MSCHAPv2 using their
> unix username/password. Here are some of the things that I did:
> - I set the deafult eap type in eap.conf to be peap and set peap to use
> mschapv2
> - I also configured the ms-chap module in the modules section in
> radiusd.conf file and enabled mschap in the authorize section in
> radiusd.conf.
>
> Based on the debugging log when I ran /usr/sbin/radius -X, I could see
> that my username matched the DEFAULT that was the system user. However,
> it did not authenticate. In the mschap module of the radiusd.conf file,
> I also tried using a different authtype to override the default MS-CHAP,
> but that didn't work either. I even tried using the etc_smbpasswd module
> that they have(not in the mschap module but outside of it and enabled it
> in the authorize section) but that didn't work either. From what I
> understand and I maybe wrong on this, with PEAP, I don't have to use
> certificates with the clients so I didn't copy any certificate to the
> client laptop. I'm pretty much out of ideas to try. The one time that it
> did work was when I have the username and password in clear text in the
> radius users file.
>
> So my question is: Is PEAP with unix password is possible? Has anyone
> done this? If so, can you shed some light on this topic or point me to a
> tutorial somewhere? I haven't found any that pertains to this particular
> topic yet.
>
>
No.
PEAP uses MsCHAPv2 for inner encryption and so requires NT4Hash or
Cleartext password.
> Thanks in advance for any help
>
> -duc
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list