Support for PEAP-Mschapv2 and PEAP-GTC simultaneously?

Alan DeKok aland at deployingradius.com
Tue Jun 19 17:57:39 CEST 2007


Colleen C. Morrissey wrote:
> I spoke too soon.  This works ok for a user/password in users file, but 
> not via LDAP.  Via ldap mschap works but not gtc.  Below is snippet of 
> output when it is failing.  Any advice on how to fix would be appreciated:
> [root at aster raddb]# more gtc_info
> modcall: entering group authenticate for request 502
>    rlm_eap: Request found, released from the list
>    rlm_eap: EAP/gtc
>    rlm_eap: processing type gtc

  ... which sends the clear-text password to the server.

>    Processing the authenticate section of radiusd.conf
> modcall: entering group PAP for request 502
> rlm_pap: login attempt with password blah
> rlm_pap: Using NT encryption.

  Why?  If you have the clear-text password on the server, you can just
compare the two.  There's no need to configure rlm_pap to do the NT hash.

> radius_xlat: Running registered xlat function of module mschap for 
> string 'NT-Hash blah'
>    rlm_mschap: Unknown expansion string "NT-Hash blah"
> radius_xlat:  ''

  That's a bug which will be fixed in 1.1.7, but it shouldn't affect you...

  Alan Dekok.



More information about the Freeradius-Users mailing list