Support for PEAP-Mschapv2 and PEAP-GTC simultaneously?
Alan DeKok
aland at deployingradius.com
Tue Jun 19 17:57:39 CEST 2007
Colleen C. Morrissey wrote:
> I spoke too soon. This works ok for a user/password in users file, but
> not via LDAP. Via ldap mschap works but not gtc. Below is snippet of
> output when it is failing. Any advice on how to fix would be appreciated:
> [root at aster raddb]# more gtc_info
> modcall: entering group authenticate for request 502
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/gtc
> rlm_eap: processing type gtc
... which sends the clear-text password to the server.
> Processing the authenticate section of radiusd.conf
> modcall: entering group PAP for request 502
> rlm_pap: login attempt with password blah
> rlm_pap: Using NT encryption.
Why? If you have the clear-text password on the server, you can just
compare the two. There's no need to configure rlm_pap to do the NT hash.
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Hash blah'
> rlm_mschap: Unknown expansion string "NT-Hash blah"
> radius_xlat: ''
That's a bug which will be fixed in 1.1.7, but it shouldn't affect you...
Alan Dekok.
More information about the Freeradius-Users
mailing list