FR and PEAP question
Nicolas Goutte
nicolas.goutte at extragroup.de
Wed Jun 11 15:24:03 CEST 2008
On 11.06.2008 at 14:48, Matt Ashfield wrote:
> Hi
>
> I’m still trying to get this working. I’m using an XP machine
> plugged into an edge switch acting as a NAS. I’m using the PEAP/
> MSCHAP in XP to authenticate against an LDAP directory. In that
> directory, we have created an attribute called ntPasssword which I
> have populated with the word ‘password’ (create, I know!). Below is
> what I get when I run in debug mode.
>
You have coded "Password" in UTF-16LE and applied the MD4 hash on it,
before putting it in "ntPassword", haven't you?
Have a nice day!
> In ldap.attrmap I have the line:
>
> checkItem NT-Password ntPassword
>
> in radiusd.conf in my ldap declaration, I have:
>
> password_attribute = ntPassword
>
> I can’t quite figure out what’s going on below. Looks to me like
> the passwords are not matching. Any advice is appreciated.
>
> Thanks
>
>
[...]
> Matt
>
> mda at unb.ca
>
>
> -----Original Message-----
> From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
> [mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org]
> On Behalf Of Ivan Kalik
> Sent: Tuesday, June 10, 2008 11:21 AM
> To: freeradius-users at lists.freeradius.org
> Subject: RE: FR and PEAP question
>
> eapol_test from wpa_supplicant
>
> JRadius Simulator
>
> Ivan Kalik
>
> Kalik Informatika ISP
>
>
> On 10/6/2008, "Matt Ashfield" <mda at unb.ca> wrote:
>
> >I'd like to test this with PEAP/MSCHAP requests if possible. Is there a
> >howto? Clearly I'm down the wrong path here.
> >
> >Matt
> >mda at unb.ca
> >
> >
> >-----Original Message-----
> >From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
> >[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
> >Of Ivan Kalik
> >Sent: Tuesday, June 10, 2008 11:02 AM
> >To: freeradius-users at lists.freeradius.org
> >Subject: RE: FR and PEAP question
> >
> >FreeRADIUS-Proxied-To == 127.0.0.1 will match only for eap requests. You
> >can't test for it with pap requests (radtest).
> >
> >Ivan Kalik
> >Kalik Informatika ISP
> >
> >
> >On 10/6/2008, "Matt Ashfield" <mda at unb.ca> wrote:
> >
> >>I thought it would get referenced because in my users file I have:
> >>
> >>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS,
> >>unbldap-Ldap-Group == staff, Autz-Type := Ldap1
> >>    User-Name=`%{User-Name}`,
> >>    Tunnel-Private-Group-Id=staff,
> >>    Tunnel-Type=VLAN,
> >>    Fall-Through = no
> >>
> >>And in huntgroups I have this. Although I am unsure if this is correct.
> >>UNBFWSS NAS-IP-Address == 127.0.0.1
> >>
> >>
> >>Matt
> >>mda at unb.ca
> >>
> >>
> >>-----Original Message-----
> >>From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
> >>[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
> >>Of Ivan Kalik
> >>Sent: Tuesday, June 10, 2008 10:36 AM
> >>To: freeradius-users at lists.freeradius.org
> >>Subject: RE: FR and PEAP question
> >>
> >>>The password that is being supplied by radtest is in plain-text, should I be
> >>>supplying it in ntPassword-encrypted format?
> >>
> >>No.
> >>
> >>>
> >>>It looks to me like I have something wrong with my authenticate section.
> >>>
> >>>My authorize section looks like:
> >>>authorize {
> >>>    preprocess
> >>>    chap
> >>>    mschap
> >>>    suffix
> >>>    eap
> >>>    Autz-Type Ldap1 {
> >>>        redundant-load-balance{
> >>>            unbldap
> >>>            unbldap2
> >>>        }
> >>>        mschap
> >>>    }
> >>>}
> >>>
> >>
> >>Not really. You just haven't called that Autz-Type anywhere.
> >>
> >>Ivan Kalik
> >>Kalik Informatika ISP
> >>
> >>-
> >>List info/subscribe/unsubscribe? See
> >>http://www.freeradius.org/list/users.html
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Commercial register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841