freeradius 3.0 with its local user database + Cisco WLC + PEAP

Maciej Waliszko mwaliszko at gmail.com
Tue Jan 17 10:55:19 UTC 2023


Matthew,
Thank you for the info. It helped a lot.

On Mon, 16 Jan 2023 at 16:15, Matthew Newton via Freeradius-Users <
freeradius-users at lists.freeradius.org> wrote:

>
>
> On 16/01/2023 14:30, Maciej Waliszko wrote:
> > b) A few local users were added to users file
> >
> > /etc/freeradius/3.0/users
>
> OK...
>
>
> > /etc/freeradius/3.0/sites-enabled/inner-tunnel
> > (40) eap_mschapv2:   authenticate {
> > (40) mschap: Found Cleartext-Password, hashing to create NT-Password
> > (40) mschap: Found Cleartext-Password, hashing to create LM-Password
> > (40) mschap: Creating challenge hash with username: joe.doe
> > (40) mschap: Client is using MS-CHAPv2
> > (40) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key
> > --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> > --challenge=%{%{mschap:Challenge}:-00}
> > --nt-response=%{%{mschap:NT-Response}:-00}:
>
> Running ntlm_auth
>
>
> > All the examples I am able to find on the internet are using AD/samba as
> > database for freeradius which is not the case here.
>
> You need to set `MS-CHAP-Use-NTLM-Auth := No` in the users file for each
> account (or for all authentications using unlang) to use internal mschap
> authentication.
>
> See mods-available/mschap where this is documented.
>
> --
> Matthew
>
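The setting Matthew describes, written out as an added example that is not part of the original messages: a per-account entry in the users file, and the unlang form that applies it to every request. The password value is a constructed placeholder, and putting the unlang block in the `authorize` section of `sites-enabled/inner-tunnel` is an assumption about this setup.

```text
# /etc/freeradius/3.0/users
# Per-account form: the control (check) items go on the first line of the entry.
# "example-password" is a placeholder, not a value from the thread.
joe.doe  Cleartext-Password := "example-password", MS-CHAP-Use-NTLM-Auth := No

# /etc/freeradius/3.0/sites-enabled/inner-tunnel
# Form for all authentications: set the control attribute with unlang
# before the mschap module runs in the authenticate section.
authorize {
        # ... existing modules (files, mschap, eap, ...) stay as they are ...

        update control {
                &MS-CHAP-Use-NTLM-Auth := No
        }
}
```

With either form in place, the `radiusd -X` output for the inner tunnel should no longer contain the `mschap: Executing: /usr/bin/ntlm_auth` line shown in the quoted debug log.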

