RADIUS & PEAP
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Tue Jul 3 23:20:57 CEST 2007
If your using the Windows supplicant (which nearly everyone is, despite
it's nastyness), and want passwordless authentication using EAP, your
only other solution is to set up local PKI (public key infrastructure),
and start issuing client certificates, and use EAP-PEAP-TLS (Microsofts
version of EAP TLS).
> What you're attempting to do is impossible because MS-CHAP is a mutual
> authentication protocol. If the RADIUS server does not demonstrate
> knowledge of the password to the supplicant, a well-behaved the
> supplicant *should* refuse the connection.
>
> (I also wouldn't be surprised if the RADIUS server barfs because it
> can't get a valid user-password in order to construct the authentication
> response but I can't comment authoritatively on this).
>
> Finally, you can't authenticate MS-CHAP against /etc/passwd or
> /etc/shadow; MS-CHAP requires access to the cleartext password or its
> NTLM hash.
>
> josh.
>
>
>> -----Original Message-----
>> From:
>> freeradius-users-bounces+josh.howlett=ja.net at lists.freeradius.
>> org
>> [mailto:freeradius-users-bounces+josh.howlett=ja.net at lists.fre
>>
> eradius.org] On Behalf Of Adrienne Rau
>
>> Sent: 03 July 2007 19:30
>> To: freeradius-users at lists.freeradius.org
>> Subject: RADIUS & PEAP
>>
>> I am configuring a wireless network with EAP Authentication.
>> I can connect successfully with the following line in my users file.
>>
>> testuser User-Password == "testing"
>>
>> I would like to be able to authenticate with ANY password. I
>> tried using the "!=" operand, but that causes an MS-CHAP
>> incorrect response error. Is there any way to make EAP
>> authenticate with any password. If not, how can I have it
>> authenticate against the /etc/passwd and /etc/shadow files?
>>
>> Thank you for your help,
>> Adrienne Rau
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list