wpa2 freeradius peap rlm_perl

Ray Eads REads at sno-isle.org
Mon Dec 5 23:29:59 CET 2011


Hi.  I'm using freeradius-2.1.10-5.el6.x86_64 from RHEL 6.  I'd like to use freeradius to accomplish a specific authentication goal, and haven't met with success yet.  I'm assuming this is either because the configuration is difficult, or I'm trying to solve the problem the wrong way, or I don't understand the protocols, or a combination of all three.

Essentially, I'd like to have an access point offer WPA2 Enterprise authentication to wireless devices of various makes and models.  I'd like the user to submit for traditional username/password authentication to the radius server (without a client side certificate).  I'm able to produce a yes/no answer with an rlm_perl script that functions as expected with a normal radius query.  My problem is that I haven't been able to connect that rlm script properly when freeradius is contacted as part of an EAP message.  

From what I can tell, my choice of Windows-compatible EAP types is fairly limited.  I've used PEAP in the past, but only with the intended AD repository of passwords.  With this application, I'd like to use the rlm_perl script instead of AD accounts as a source of usernames and passwords.

Big picture-wise, am I on the right path, or is this fundamentally the wrong way? I'm imagining a PEAP -> rlm_perl configuration.  


--
Ray Eads (reads at sno-isle.org)
Network Engineer II





