EAP + TLS + Unix passwords

tnt at kalik.net
Thu Nov 19 23:21:04 CET 2009


> I realized I had a perfectly serviceable smbpassword file mirroring
> /etc/shadow and that seems to work just fine with MS-CHAP. Now, my
> setup still doesn't *work*, but the debug output from radius sure
> looks like it's accepting the username & password and sending back an
> OK. So I think I have radius configured correctly.

You have.

> If someone could confirm that, I'd really appreciate it. Then I can
> move on to figuring out whether my client or my AP is the sticking
> point.

Well, you are using 1.1.3. It's known not to work with Vista, XP SP3 and
probably more supplicants. You should upgrade to the current version (follow
the RedHat FAQ).

> Sending Access-Accept of id 0 to 192.168.1.253 port 2048
> 	MS-MPPE-Recv-Key = 0xa1836258d98b7a77c6cf4a84b7866f22
> 	MS-MPPE-Send-Key = 0x541b00b14300752de69272f2e8d0f196
> 	MS-MPPE-Encryption-Policy = 0x00000001
> 	MS-MPPE-Encryption-Types = 0x00000006
> 	MS-MPPE-Recv-Key = 0x8083917dfae797d7a33df37fa99c2f8f295c1b48a600bc86a486b05027c33515
> 	MS-MPPE-Send-Key = 0x9f7031c562af44e884a67d8d14ef36df9008de8b7bc2f01b06ab9dd2e8a46c93
> 	EAP-Message = 0x03030004
> 	Message-Authenticator = 0x00000000000000000000000000000000
> 	User-Name = "andy"

The only thing that looks wrong here is the two sets of MPPE keys. Debug the
supplicant and see if that's breaking things.

Ivan Kalik
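
The "two sets of MPPE keys" observation in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of FreeRADIUS: it assumes debug output in the shape quoted above, and reports any MS-MPPE-Send-Key or MS-MPPE-Recv-Key that appears more than once in a single reply, with each key's length in bytes. The function names and the sample values are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the quoted debug output; hex values are made
# up, and one value is wrapped onto its own line the way mail clients wrap it.
SAMPLE = """\
Sending Access-Accept of id 0 to 192.0.2.1 port 2048
\tMS-MPPE-Recv-Key = 0x00112233445566778899aabbccddeeff
\tMS-MPPE-Send-Key = 0xffeeddccbbaa99887766554433221100
\tMS-MPPE-Recv-Key =
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
\tMS-MPPE-Send-Key = 0x1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100
\tEAP-Message = 0x03030004
\tUser-Name = "andy"
"""

HEADER = re.compile(r"^Sending (\S+) of id \d+ to \S+ port \d+")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) =\s*(.*)$")

def parse_replies(text):
    """Return [(packet_type, {attribute: [values]})], one per 'Sending' block."""
    replies, attrs, pending = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"^(?:> ?)+", "", raw)       # drop mail quote markers
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            attrs, pending = defaultdict(list), None
            replies.append((head.group(1), attrs))
        elif attrs is None or not line.strip():
            attrs, pending = None, None            # outside a reply block
        elif attr and attr.group(2).strip():
            attrs[attr.group(1)].append(attr.group(2).strip())
            pending = None
        elif attr:
            pending = attr.group(1)                # value wrapped to next line
        elif pending:
            attrs[pending].append(line.strip())
            pending = None
    return replies

def duplicate_mppe_keys(text):
    """List (packet_type, attribute, [key lengths in bytes]) for repeated keys."""
    findings = []
    for ptype, attrs in parse_replies(text):
        for name in ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"):
            values = attrs.get(name, [])
            if len(values) > 1:
                findings.append((ptype, name, [(len(v) - 2) // 2 for v in values]))
    return findings
```

Calling `duplicate_mppe_keys()` on a saved debug log, or on a mail-quoted copy of one, returns an empty list when each reply carries a single key pair.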



