FR and PEAP question

Matt Ashfield mda at unb.ca
Tue Jun 10 16:08:07 CEST 2008


I'd like to test this with PEAP/MSCHAP requests if possible. Is there a
howto? Clearly I'm down the wrong path here.

Matt 
mda at unb.ca


-----Original Message-----
From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
Of Ivan Kalik
Sent: Tuesday, June 10, 2008 11:02 AM
To: freeradius-users at lists.freeradius.org
Subject: RE: FR and PEAP question

FreeRADIUS-Proxied-To == 127.0.0.1 will match only for eap requests. You
can't test for it with pap requests (radtest).

Ivan Kalik
Kalik Informatika ISP


Dana 10/6/2008, "Matt Ashfield" <mda at unb.ca> piše:

>I thought it would get referenced because in my users file I have:
>
>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS,
>unbldap-Ldap-Group == staff, Autz-Type := Ldap1
>       User-Name=`%{User-Name}`,
>       Tunnel-Private-Group-Id=staff,
>       Tunnel-Type=VLAN,
>       Fall-Through = no
>
>And in huntgroups I have this. Although I am unsure if this is correct.
>UNBFWSS         NAS-IP-Address == 127.0.0.1
>
>
>Matt
>mda at unb.ca
>
>
>-----Original Message-----
>From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
>[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
>Of Ivan Kalik
>Sent: Tuesday, June 10, 2008 10:36 AM
>To: freeradius-users at lists.freeradius.org
>Subject: RE: FR and PEAP question
>
>>The password that is being supplied by radtest is in plain-text, should I
>be
>>supplying it in ntPassword-encrypted format?
>
>No.
>
>>
>>It looks to me like I have something wrong with my authenticate section.
>>
>>My authorize section looks like:
>>authorize {
>>        preprocess
>>        chap
>>        mschap
>>        suffix
>>        eap
>>        Autz-Type Ldap1 {
>>                redundant-load-balance{
>>                        unbldap
>>                        unbldap2
>>                }
>>                mschap
>>        }
>>}
>>
>
>Not really. You just haven't called that Autz-Type anywhere.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list