wpa2 - huntgroup problems -fixed

Hans Bornemann hans.bornemann at uni-dortmund.de
Thu Apr 10 15:15:22 CEST 2008


Hi,

huntgroups and PEAP works, if you set

copy_request_to_tunnel = yes

in eap.conf.

eap.conf:
...

 peap {
                        #  The tunneled EAP session needs a default
                        #  EAP type which is separate from the one for
                        #  the non-tunneled EAP module.  Inside of the
                        #  PEAP tunnel, we recommend using MS-CHAPv2,
                        #  as that is the default type supported by
                        #  Windows clients.
                        default_eap_type = mschapv2

                        #  the PEAP module also has these configuration
                        #  items, which are the same as for TTLS.
                        copy_request_to_tunnel = yes



....

hans

On Thu, 2008-04-10 at 12:50 +0200, Hans Bornemann wrote:
> Hi,
> 
> maybe a missunderstanding. The authentication with crypt-password works
> fine. The authentication with nt-passwords only works, if no huntgroup
> is defined in the database.
> 
> if huntgroup is defined:
> rlm_sql (sql): No matching entry in the database for request from user
> 
> if not:
> modcall[authorize]: module "sql" returns ok for request 0
> 
> i have checked the debug - the nas-ip is the same as defined in the
> huntgroupsfile
> 
> thanks
> Hans
> 
> 
> 
> 
> On Thu, 2008-04-10 at 10:49 +0100, Phil Mayers wrote:
> > Hans Bornemann wrote:
> > > Hi,
> > > 
> > > did you mean the operator for the huntgroups?
> > 
> > No. Crypt-Password
> > 
> > > 
> > > hans
> > > 
> > > 
> > > On Thu, 2008-04-10 at 10:29 +0100, Phil Mayers wrote:
> > >> Hans Bornemann wrote:
> > >>> Hi,
> > >>>
> > >>> I have a problem with huntgroups and wpa2. It concerns the following:
> > >>>
> > >>> First, huntgroups works with ntradping and crypt-passwd:
> > >>>
> > >>> mysql-db
> > >>>
> > >>> unzinn    | NT-Password    | := | 7C53CFA5EA7D0F9B3B968AA0FB51A3F5
> > >>> unzinn    | crypt-password | == | $1$7ftISFCW$xp.n8LMOxfPD7GqdSJqZC1
> > >> This is wrong; remove it, or set the operator to :=
> > 
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
Hans Bornemann
Universitaet Dortmund - ITMC
Tel. ++49 231 755 2132  Fax. ++49 231 755 2731




More information about the Freeradius-Users mailing list