Enterasys Wireless controller with Mgmt user authentication via RADIUS MSCHAP

Alan Alejandro Villaverde alan.villaverde at gmail.com
Wed Oct 29 23:16:58 CET 2014


Hi Alan,

Thx for your quick feedback!

I finally got it working. I got it to work by setting Cleartext-Password in the
users file as you explained to me. But is it possible to use PAM with
MSCHAP? What about with a lot of users? I read the FAQ, but I am not sure
how to make it work with MSCHAP and PAM.

Could you give me a clue?

For instance, I know that when I use PAP authentication, the password
travels in plain text. When it arrives at the RADIUS server it is verified by
Unix authentication.

On Oct 29, 2014 4:36 PM, "Alan DeKok" <aland at deployingradius.com> wrote:

> Alan Alejandro Villaverde wrote:
> > The problem is that when I set WLC to authenticate via radius using
> > MSCHAP I get Access-reject.
>
>   Read the debug output to see why.  This is suggested in the FAQ, "man"
> page, web pages, and daily on this list.
>
> > First of all, I keep the radius config files as default and when
> > debugging it I noticed that for some reason radius is trying to
> > authenticate by UNIX Cleartext Password.
>
>   I don't know what that means.
>
> > For PAP authentication it is ok and all works great but not for MSCHAP.
> >
> > Then, I set Auth-type = MSCHAP in "users" config file
>
>   Don't do that.  It will break things.  It's not necessary.
>
> > and here the
> > things changed. The auth now is done by mschap but it is still
> > requesting a clear text password. After that it tries with LM-password /
> > NT-password.
>
>   Well, no, it doesn't.  The debug output doesn't say that.
>
> > I read this article
> > http://deployingradius.com/documents/configuration/active_directory.html
> >
> > But I can't sort out this problem.
>
>   Put a user && Cleartext-Password into the "users" file.  It will work.
>
> > Is It possible to set Enterasys Wireless controller to authenticate mgmt
> > users via MSCHAP Radius???
>
>   Yes.
>
> > Can it be done without LM-password or NT-password?
>
>   Yes.
>
>   Alan DeKok.


More information about the Freeradius-Users mailing list