mschap2 over peap, how to use cleartext password defined on the freeradius server instead of using Windows AD?
James J J Hooper
jjj.hooper at bristol.ac.uk
Thu Jan 7 20:07:30 CET 2010
On 07/01/2010 18:57, Difan Zhao wrote:
> Greetings!
>
> I did read the “*mschap*” module file and I did see that in order to use
> a *cleartext* password, I need to set “*MS-CHAP-Use-NTLM-Auth := No*”
> however I don’t know where to set it.
>
> I tried to set it in “*hints*” file like the following. I added it to
> the beginning of the file and the rest is just default.
>
> enseo_stb
>
> MS-CHAP-Use-NTLM-Auth := No
>
> The “*enseo_stb*” is the username. I do see that it matched the line in
> the *preprocess* in the debug however the authentication still failed. I
> don’t have this user account set in Windows AD. I do have it set in my
> *users* file.
>
> Enseo_stb Cleartext-Password := "password"
>
> Any advice?? Thank you!!
>
In the config file for your EAP _inner-tunnel_:
    server inner-tunnel-server {
        authorize {
            ...
            update control {
                MS-CHAP-Use-NTLM-Auth := 0
            }
            mschap
            ...
        }
... you could use unlang to wrap it in an if statement if you wanted to be
selective about when to apply it.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
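
The selective variant mentioned in the reply, as an added example that is not part of the original message: the override is wrapped in an unlang `if` so that only the locally defined account skips ntlm_auth and every other user is still checked against AD. The username is taken from the question; running `files` before the check and the rest of the module order are assumptions about the local inner-tunnel configuration.

```unlang
# Fragment of the inner-tunnel virtual server (added example).
# Server name as used in the reply above; adjust to your own config.
server inner-tunnel-server {
    authorize {
        # Assumption: the local account lives in the "users" file, so the
        # files module is what puts Cleartext-Password into the control list.
        files

        # Skip ntlm_auth only for the account defined locally.
        # Every other user keeps the default behaviour and is
        # authenticated against Windows AD.
        if (User-Name == "enseo_stb") {
            update control {
                MS-CHAP-Use-NTLM-Auth := No
            }
        }

        # mschap sees the MS-CHAP attributes from the PEAP inner session
        # and sets Auth-Type; the control attribute above tells it to
        # verify against the local password instead of calling ntlm_auth.
        mschap

        # Remaining default authorize entries stay unchanged.
    }
}
```

The comparison on `User-Name` is a string match, so the value in the condition has to be written exactly as the client sends it.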