My PPTP+802.1X+MS-CHAP+EAP+OpenLDAP+MySQL Project.

Phil Mayers p.mayers at imperial.ac.uk
Thu Jan 11 12:44:10 CET 2007


Evan Vittitow wrote:

> I want to secure my Wireless Access points using 802.1X and PEAP, or
> EAP-TLS that are operated by my Cisco Aironet 340. I'm not interested in
> encrypting traffic. I have UDP Protocols like Quake 3 that are degraded

You can't use EAP on any wireless point that I know of *without* 
encrypting the data. It wouldn't make any sense.

Anyway...

> by WPA, WEP and IPSec. IPSec may get implemented in due time, but for
> now, thats not on the agenda. My current issue is securing the APs from
> unauthorized access.
> 
> My Progess so far:
> 
> The issue with the VPNs is that even through Client Side PPP uses
> MS-CHAP, FreeRadius is causing pppd to think its authenticating normal CHAP.
> 
> Jan  9 03:09:00 kurama pppd[12373]: Peer User failed CHAP authentication
> rlm_mschap: Found LM-Password
> rlm_mschap: Found NT-Password
> rlm_mschap: No MS-CHAP-Challenge in the request

This is a pppd configuration issue. You need (probably) the following in 
/etc/ppp/options.pptpd:

-chap
-mschap
+mschap-v2
require-mppe



More information about the Freeradius-Users mailing list