PEAP/MSCHAPv2 bounded to a particular MAC Address
Marco Gaiarin
gaio at sv.lnf.it
Fri Jan 31 10:43:51 CET 2014
Mandi! Alan DeKok
In chel di` si favelave...
> > ipm1 Cleartext-Password := "pass", MS-CHAP-Use-NTLM-Auth := 0, Expiration := "Jan 28 2017 19:00:00", Huntgroup-Name := "ipm1"
> See "man users". You're not checking huntgroup membership above.
> You're setting it.
AArrgghhh! But i'm sure i've done my test with '==' previously,
probably was some ''desperation addings''... anyway, now i have in users:
ipm1 Cleartext-Password := "pass", MS-CHAP-Use-NTLM-Auth := 0, Expiration := "Jan 28 2017 19:00:00", Huntgroup-Name == "ipm1"
and i've tried adding in huntgroups:
ipm1 Calling-Station-Id == "c8b5b723ecd6"
(eg, the wrong MAC), and effectively the authentication failed, in a manner
that seems to me that all work well. See 'freeradius-wrongmac.log'
attached.
But then i've put the right MAC:
ipm1 Calling-Station-Id == "c8b5b723ecd7"
but auth failed, in a different manner, see 'freeradius-correctmac.log'.
Seems to me that the Calling-Station-Id does not pass through the inner
tunnel, it is right? How can i fix it?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeradius-wrongmac.log.gz
Type: application/octet-stream
Size: 5370 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140131/69c18c22/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeradius-correctmac.log.gz
Type: application/octet-stream
Size: 25534 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140131/69c18c22/attachment-0003.obj>
More information about the Freeradius-Users
mailing list