Add Check Item in PEAP MSCHAP V2 authentication process
Alan DeKok
aland at deployingradius.com
Mon Aug 29 17:49:34 CEST 2016
On Aug 29, 2016, at 9:21 AM, Tim Baledorion <timbaledorion at hotmail.com> wrote:
>> What is a "node identifier" ?
> A node Identifier is
If you don't care enough to properly describe the issue, why should I care enough to help you?
> In the inner-tunnel the authentication is done against LDAP database through radius ldap module. I wanted to check the NET-NodeID during the TLS phase, that's why I was thinking it has to be there.
Read the debug log. It shows you where the attribute is located.
>> A proxy *cannot* modify the data inside of a TLS tunnel. TLS is designed to prevent this...
> I understand that quite well. That's why I was asking if I had to change something in the supplicant to allow the behaviour I was requesting.
You can't change the supplicant.
> Maybe I should modify the ldap module parameters to look through the LDAP database in the authorize section with a match for Net-NodeID first, and then authenticate as it is requested in PEAP-MSCHAPv2?
> If you think this id is the right one I would probably have to set up 2 ldap instances, one for the inner-tunnel, the other for the authorize section.
The files raddb/sites-available/default and raddb/sites-available/inner-tunnel contain a lot of documentation and suggestions. Read them.
Alan DeKok.