wpa2 - huntgroup problems -fixed

Yoho, Cindy Cyoho at umpublishing.org
Thu Apr 10 15:17:41 CEST 2008


I have Mike's spot under the carport in the A lot today, so he can be in
the shade. I'll come over after staff meeting.


-----Original Message-----
From:
freeradius-users-bounces+cyoho=umpublishing.org at lists.freeradius.org
[mailto:freeradius-users-bounces+cyoho=umpublishing.org at lists.freeradius
.org] On Behalf Of Hans Bornemann
Sent: Thursday, April 10, 2008 8:15 AM
To: FreeRadius users mailing list
Subject: Re: wpa2 - huntgroup problems -fixed


Hi,

huntgroups and PEAP works, if you set

copy_request_to_tunnel = yes

in eap.conf.

eap.conf:
...

 peap {
                        #  The tunneled EAP session needs a default
                        #  EAP type which is separate from the one for
                        #  the non-tunneled EAP module.  Inside of the
                        #  PEAP tunnel, we recommend using MS-CHAPv2,
                        #  as that is the default type supported by
                        #  Windows clients.
                        default_eap_type = mschapv2

                        #  the PEAP module also has these configuration
                        #  items, which are the same as for TTLS.
                        copy_request_to_tunnel = yes



....

hans

On Thu, 2008-04-10 at 12:50 +0200, Hans Bornemann wrote:
> Hi,
> 
> maybe a missunderstanding. The authentication with crypt-password 
> works fine. The authentication with nt-passwords only works, if no 
> huntgroup is defined in the database.
> 
> if huntgroup is defined:
> rlm_sql (sql): No matching entry in the database for request from user
> 
> if not:
> modcall[authorize]: module "sql" returns ok for request 0
> 
> i have checked the debug - the nas-ip is the same as defined in the 
> huntgroupsfile
> 
> thanks
> Hans
> 
> 
> 
> 
> On Thu, 2008-04-10 at 10:49 +0100, Phil Mayers wrote:
> > Hans Bornemann wrote:
> > > Hi,
> > > 
> > > did you mean the operator for the huntgroups?
> > 
> > No. Crypt-Password
> > 
> > > 
> > > hans
> > > 
> > > 
> > > On Thu, 2008-04-10 at 10:29 +0100, Phil Mayers wrote:
> > >> Hans Bornemann wrote:
> > >>> Hi,
> > >>>
> > >>> I have a problem with huntgroups and wpa2. It concerns the 
> > >>> following:
> > >>>
> > >>> First, huntgroups works with ntradping and crypt-passwd:
> > >>>
> > >>> mysql-db
> > >>>
> > >>> unzinn    | NT-Password    | := |
7C53CFA5EA7D0F9B3B968AA0FB51A3F5
> > >>> unzinn    | crypt-password | == |
$1$7ftISFCW$xp.n8LMOxfPD7GqdSJqZC1
> > >> This is wrong; remove it, or set the operator to :=
> > 
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
-- 
Hans Bornemann
Universitaet Dortmund - ITMC
Tel. ++49 231 755 2132  Fax. ++49 231 755 2731

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list