rlm_python learnings - PAP and MSCHAPv2
Russell.Lang at team.telstra.com
Fri Jan 17 06:25:22 CET 2020
> Why are you trying to use PAP to process MSCHAP data?
I'm not. PAP is used for WPA2-Personal clients, and PEAP/MSCHAPv2 for WPA2-Enterprise.
We need to authenticate both with the NT-Password.
> Set control:NT-Password in your rest response and use the MSCHAP module to process MSCHAP data...
rlm_rest.c won't authenticate unless User-Password is available.
Are you saying that the REST authorize can return the NT-Password in the JSON response, and let FreeRADIUS handle both PAP and PEAP-MSCHAPv2 authentication?
Is there a quick way to get all attributes passed to the REST API?
The following rest config gives an empty body to the POST:
uri = "http://nginx:8000/radiusRest?action=authorize"
method = 'post'
body = 'post'
From: Freeradius-Users <freeradius-users-bounces+russell.lang=team.telstra.com at lists.freeradius.org> On Behalf Of Arran Cudbard-Bell
Sent: Friday, 17 January 2020 15:04
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: rlm_python learnings - PAP and MSCHAPv2
> Allow PAP authorize and rlm_rest to work if the NT hash of the password is available.
Why are you trying to use PAP to process MSCHAP data?
Set control:NT-Password in your rest response and use the MSCHAP module to process MSCHAP data...
Arran Cudbard-Bell <a.cudbardb at freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2