EAP (PEAP)+ntlm_auth doesn't send password by itself
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Mar 23 10:39:52 CET 2010
Hi,
> > you still haven't fixed that basic thing - check out the default config from
> > the 2.1.8 tarball
>
> Today I tried unsuccessfully to figure out how to solve the ":-" issue. I read "man unlang" but I could not find anything...
just read your version and compare it to the supplied default config in 2.1.8
- it's quite easy - it's the addition of some more curly brackets
> I have been thinking it could be caused by a wrong configuration of the Cisco AP 1100. I will follow the instructions described at http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml#NetEAP
you need 'open' with EAP methods...on a 'fat' AP this is something like

dot11 ssid real-wifi
   vlan 666
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   accounting accounting-method-list
   mbssid guest-mode dtim-period 3
   information-element ssidl advertisement wps
   admit-traffic

> However, I just want to do transparent authentications using PEAP with Microsoft Challenge Authentication Protocol (MS-CHAP) Version 2 without certificates (have you a recipe?) (http://cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801764f1_ps4570_Products_Q_and_A_Item.html)
you need certificates - how do you think the EAP is done? the PEAP tunnel is created by the client
talking to the (RADIUS) server. you don't need client certs....that's EAP-TLS. if you don't want to trust
the certificate (i.e. install the CA that signs the RADIUS server) then that's your (very very bad) choice.
you've just weakened massively one of the protection methods of 802.1X
alan