Hi,
> So target is:
>
> Windows XP Workstation <----> WLAN Base Station <---->
> FreeRadius <----> "My simple radius and its user db"
>
> - between Workstation and FreeRadius EAP-PEAP /
> PEAP-MSCHAPv2 is used
> - between FreeRadius and "My simple radius" PAP
> or CHAP is used
If you can use EAP-TTLS instead of EAP-PEAP, you can
use plain PAP or CHAP inside the TTLS tunnel and proxy
just that to your simple radius server - that just needs a
suitable configuration of the server.
Otherwise, it should theoretically be possible to "translate"
PEAP-MSCHAPv2 to plain MSCHAPv2 and use that for
communication with your "simple radius" server - however,
that still requires writing suitable code - in which I'd be very
interesested as well (as a proof of concept, I'm currently
working at "translating" EAP-MD5 to CHAP).
However, if your "simple server" does not understand
MSCHAPv2, but really only PAP or CHAP, the combination
you want to have is theoretically impossible. You can't
extract the information needed to compute correct PAP
or CHAP password from an MSCHAP password, it's
impossible: starting at the clear-text password (PAP) you
can either take the one-way road to the right (CHAP) or
the one to the left (MSCHAP), but there no way back, nor
can you jump from the left (MSCHAP) side to the right
(CHAP) one (or vice versa) by some clever tricks.
HTH,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
