FR and PEAP question

Nicolas Goutte nicolas.goutte at extragroup.de
Wed Jun 11 15:24:03 CEST 2008


On 11.06.2008 at 14:48, Matt Ashfield wrote:

> Hi
>
> I’m still trying to get this working. I’m using an XP machine
> plugged into an edge switch acting as a NAS. I’m using the PEAP/MSCHAP
> in XP to authenticate against an LDAP directory. In that
> directory, we have created an attribute called ntPassword which I
> have populated with the word ‘password’ (creative, I know!). Below is
> what I get when I run in debug mode.
>

You have coded "Password" in UTF-16LE and applied the MD4 hash on it,  
before putting it in "ntPassword", haven't you?

Have a nice day!

> In ldap.attrmap I have the line:
>
> checkItem  NT-Password                     ntPassword
>
> in radiusd.conf in my ldap declaration, I have:
>
> password_attribute = ntPassword
>
> I can’t quite figure out what’s going on below. Looks to me like  
> the passwords are not matching. Any advice is appreciated.
>
> Thanks
>
>

[...]

> Matt
>
> mda at unb.ca
>
>
> -----Original Message-----
> From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org  
> [mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org]  
> On Behalf Of Ivan Kalik
> Sent: Tuesday, June 10, 2008 11:21 AM
> To: freeradius-users at lists.freeradius.org
> Subject: RE: FR and PEAP question
>
> eapol_test from wpa_supplicant
>
> JRadius Simulator
>
> Ivan Kalik
>
> Kalik Informatika ISP
>
>
> On 10/6/2008, "Matt Ashfield" <mda at unb.ca> wrote:
>
> >I'd like to test this with PEAP/MSCHAP requests if possible. Is there a
> >howto? Clearly I'm down the wrong path here.
> >
> >Matt
> >mda at unb.ca
> >
> >-----Original Message-----
> >From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
> >[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
> >Of Ivan Kalik
> >Sent: Tuesday, June 10, 2008 11:02 AM
> >To: freeradius-users at lists.freeradius.org
> >Subject: RE: FR and PEAP question
> >
> >FreeRADIUS-Proxied-To == 127.0.0.1 will match only for eap requests. You
> >can't test for it with pap requests (radtest).
> >
> >Ivan Kalik
> >Kalik Informatika ISP
> >
> >On 10/6/2008, "Matt Ashfield" <mda at unb.ca> wrote:
> >
> >>I thought it would get referenced because in my users file I have:
> >>
> >>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS,
> >>unbldap-Ldap-Group == staff, Autz-Type := Ldap1
> >>       User-Name=`%{User-Name}`,
> >>       Tunnel-Private-Group-Id=staff,
> >>       Tunnel-Type=VLAN,
> >>       Fall-Through = no
> >>
> >>And in huntgroups I have this. Although I am unsure if this is correct.
> >>UNBFWSS         NAS-IP-Address == 127.0.0.1
> >>
> >>Matt
> >>mda at unb.ca
> >>
> >>-----Original Message-----
> >>From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
> >>[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
> >>Of Ivan Kalik
> >>Sent: Tuesday, June 10, 2008 10:36 AM
> >>To: freeradius-users at lists.freeradius.org
> >>Subject: RE: FR and PEAP question
> >>
> >>>The password that is being supplied by radtest is in plain-text, should I be
> >>>supplying it in ntPassword-encrypted format?
> >>
> >>No.
> >>
> >>>
> >>>It looks to me like I have something wrong with my authenticate section.
> >>>
> >>>My authorize section looks like:
> >>>authorize {
> >>>        preprocess
> >>>        chap
> >>>        mschap
> >>>        suffix
> >>>        eap
> >>>        Autz-Type Ldap1 {
> >>>                redundant-load-balance{
> >>>                        unbldap
> >>>                        unbldap2
> >>>                }
> >>>                mschap
> >>>        }
> >>>}
> >>>
> >>
> >>Not really. You just haven't called that Autz-Type anywhere.
> >>
> >>Ivan Kalik
> >>Kalik Informatika ISP
> >>
> >>-
> >>List info/subscribe/unsubscribe? See
> >>http://www.freeradius.org/list/users.html

Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Commercial register: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841


