PEAP mschapv2 using xp native supplicant

Ryan Setiawan H ryan.setiawan at banknisp.com
Fri Aug 1 05:10:42 CEST 2008


Hi all,
    I'm using EAP for authentication on a wired connection (using 
FreeRADIUS 2.0.5 and an LDAP backend). Most of our clients are Windows 
machines, so there's little choice of EAP methods, that is EAP-MD5 and 
PEAP MSCHAPv2.
    Using EAP-MD5 there isn't any problem; the problem begins with PEAP 
MSCHAPv2.

The debug output:
-----------------------------------------------------------------
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=dialup,dc=xxx,dc=com, with filter (uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
---------------------------------------------------------------
Clearly FreeRADIUS can see the password, and it is also in clear text :)
Below I also add the Samba schema, which contains the LM and NT passwords.
---------------------------------------------------------------
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "Wk0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e6731
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e6731
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
-------------------------------------------------------------------
The mschap module says there is no clear-text password and also that it 
can't create the LM and NT passwords.
-------------------------------------------------------------------
    +- entering group MS-CHAP
  rlm_mschap: No Cleartext-Password configured.  Cannot create LM-Password.
  rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
  rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 0)
  PEAP: Tunneled authentication was rejected.

Can anyone help? Thanks.


Ryan Setiawan H
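
Added example (not part of the original post and not FreeRADIUS code): a small Python check over debug lines like those above. It flags NT-Password/LM-Password values that are not 16 bytes long and relates the password attribute rlm_ldap added to the one rlm_mschap reports as missing. The function name and regular expressions are assumptions made for this example.

```python
import re

# Constructed sample: debug lines taken from the post above, with mail wrapping undone.
SAMPLE_DEBUG = """\
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e6731
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e6731
  rlm_mschap: No Cleartext-Password configured.  Cannot create LM-Password.
  rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
"""

HASH_LEN = 16  # an NT hash (MD4 digest) and an LM hash are both 16 bytes

HASH_RE = re.compile(r"RADIUS attribute (NT-Password|LM-Password) == 0x((?:[0-9a-fA-F]{2})+)\s*$")
ADDED_RE = re.compile(r"rlm_ldap: Added (\S+) = ")
MISSING_RE = re.compile(r"rlm_mschap: No (\S+) configured")


def audit_mschap_debug(text):
    """Return findings that explain why rlm_mschap had no usable credential."""
    findings, added = [], set()
    for line in text.splitlines():
        m = HASH_RE.search(line)
        if m:
            name, raw = m.group(1), bytes.fromhex(m.group(2))
            if len(raw) != HASH_LEN:
                # A short, printable value suggests text was stored where a hash belongs.
                printable = raw.isascii() and raw.decode("ascii").isprintable()
                kind = "printable text" if printable else "binary data"
                findings.append(f"{name}: {len(raw)} bytes of {kind}, expected a {HASH_LEN}-byte hash")
        m = ADDED_RE.search(line)
        if m:
            added.add(m.group(1))  # attribute name rlm_ldap put into the check items
        m = MISSING_RE.search(line)
        if m and m.group(1) not in added:
            have = ", ".join(sorted(added)) or "nothing"
            msg = f"rlm_mschap wants {m.group(1)}; rlm_ldap added {have}"
            if msg not in findings:  # the module logs this once per hash type
                findings.append(msg)
    return findings


if __name__ == "__main__":
    for finding in audit_mschap_debug(SAMPLE_DEBUG):
        print(finding)
```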
