RE: Wireless clients, Cisco leap, Radius & Samba

Fri, 19 Sep 2003 12:43:08 -0700 

Alan

Thanks for the response.

1) I currently have:

        passwd etc_smbpasswd {
                filename = /etc/samba/smbpasswd
                format =
"*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
                authtype = MS-CHAP
                hashsize = 100
                ignorenislike = no
                allowmultiplekeys = no
        }

In the modules section of radiusd.conf. Now you have mentioned it I can see
that it is not loading. But I'm not sure why not.

2) OK. I'm obviously confused as to what should or ought to happen here. My
expectations were led by:

A) The wireless clients have LEAP username/password/domain parameters which
default to those used for the Windows logon (NT Auth against Samba).

B) The WAP Authenticator configuration specifies the radius server can be
used for EAP, MAC, User or MIP authentication. One or more of these options
can be selected.

C) The radiud server appears to be able to auth against most data sources.


As you may guess this is my first go at putting up a radius server and I
expected that:

A) I need EAP to provide better security than WEP.

B) User account data already on the server (system and Samba accounts are
aligned) would be used to auth against. I.e. I did not expect to enter user
data again.

Any further guidance would be gratefully received.

Regards

Alan

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: 19 September 2003 15:32
To: [EMAIL PROTECTED]
Subject: Re: Wireless clients, Cisco leap, Radius & Samba 


"Alan Munday" <[EMAIL PROTECTED]> wrote:
> However the radius server also has Samba running on it and I want to
> = have the clients auth against this data. I have edited
> radiusd.conf to  include a passwd module to use the Samba passwd
> file.

  Not according to the debug output you printed.

> However I don't have the config right yet as I see the following:
> 
> 1)    rlm_eap_leap: No User-Password or NT-Password configured for this
> user

  So configure the 'passwd' module.

> 2)      modcall[authorize]: module "mschap" returns noop

  If it's doing LEAP authentication, then it won't be doing MS-CHAP
authentication.  Or did you expect it to do both?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to