Perl/Peap-MSChapV2 Issues

tnt at kalik.net
Thu Mar 19 17:18:26 CET 2009


>In my proxy.conf file, I have
>
>Realm LOCAL {
>}
>
>I noticed right above that, that it suggests adding "DEFAULT EAP-TYPE ==
>PEAP, Proxy-To-Realm := LOCAL" to the users file. So I added that to the
>users file. Is realm Local {} not correct? If not, what should it be?

Nothing. You can delete that DEFAULT entry.

>
>In the sites-enabled/default I had eap { ok = return} before I had the
>statement calling perl, so I moved the eap {} to after the perl
>statement. This is in the authorize function.
>

Put it back as it was. You don't need perl in TLS exchange. Don't list
it in default virtual server.

>
>I did hardcode the Auth-Type perl because the wiki said to in the users
>file. I've taken that out now.
>

I assume you hardcoded that in perl sub authorize. That's a good place
for it. Put it back.

>I know that perl is being initiated because this is in the log file,
>
>Module: Instantiating perl
>  perl {
>        module = "/etc/raddb/perl/authorize.pl"
>        func_authorize = "authorize"
>        func_authenticate = "authenticate"
>
>and I do call perl in the authorize section of the sites-enabled/default
>file.

No, don't call perl in default virtual server. Call it in authorize and
authenticate in inner-tunnel virtual server. That's where (if you
haven't made changes to eap.conf) mschap authentication takes place.

Ivan Kalik
Kalik Informatika ISP