freeradius 3.0 with its local user database + Cisco WLC + PEAP
Matthew Newton
mcn at freeradius.org
Mon Jan 16 15:15:23 UTC 2023
On 16/01/2023 14:30, Maciej Waliszko wrote:
> b) A few local users were added to users file
>
> /etc/freeradius/3.0/users
OK...
> /etc/freeradius/3.0/sites-enabled/inner-tunnel
> (40) eap_mschapv2: authenticate {
> (40) mschap: Found Cleartext-Password, hashing to create NT-Password
> (40) mschap: Found Cleartext-Password, hashing to create LM-Password
> (40) mschap: Creating challenge hash with username: joe.doe
> (40) mschap: Client is using MS-CHAPv2
> (40) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key
> --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}:
Running ntlm_auth
> All the examples I am able to find on the internet are using AD/samba as
> database for freeradius which is not the case here.
You need to set `MS-CHAP-Use-NTLM-Auth := No` in the users file for each
account (or for all authentications using unlang) to use internal mschap
authentication.
See mods-available/mschap where this is documented.
--
Matthew
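
The two ways of applying the setting named in the reply above, written out as an added example (not part of the original message and not copied from the FreeRADIUS distribution files). The password value is a constructed placeholder, and placing the unlang block after `files` in the inner-tunnel `authorize` section is an assumption.

```text
# --- /etc/freeradius/3.0/users (per-account form) ---
# Items on the first line of an entry are control (check) items.
# The password below is a constructed placeholder.
joe.doe  Cleartext-Password := "CHANGE-ME-placeholder", MS-CHAP-Use-NTLM-Auth := No

# --- /etc/freeradius/3.0/sites-enabled/inner-tunnel (unlang form) ---
# Assumed placement: inside authorize { }, after the "files" module has
# had the chance to add Cleartext-Password for a local account.
authorize {
	# (existing modules before this point unchanged)
	files

	# Only accounts that have a local password skip ntlm_auth;
	# every other request still follows the ntlm_auth setting
	# configured in mods-available/mschap.
	if (&control:Cleartext-Password) {
		update control {
			&MS-CHAP-Use-NTLM-Auth := No
		}
	}
	# (existing modules after this point unchanged)
}
```

With either form in effect, the debug output for a local account should no longer contain the `mschap: Executing: /usr/bin/ntlm_auth` line.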