Hi, Actually I don't need password at all. Username is only thing what I need. I'll make authentication with other methods. I'll just want to end eap-peap to FreeRadius and continue with other methods.
Is it so that only way to solve this is to create my own module? Br, Petri -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 2. joulukuuta 2004 21:00 To: [EMAIL PROTECTED] Subject: Re: How to proxy authentication requests to simple radius? Hi, > So target is: > > Windows XP Workstation <----> WLAN Base Station <----> > FreeRadius <----> "My simple radius and its user db" > > - between Workstation and FreeRadius EAP-PEAP / > PEAP-MSCHAPv2 is used > - between FreeRadius and "My simple radius" PAP > or CHAP is used If you can use EAP-TTLS instead of EAP-PEAP, you can use plain PAP or CHAP inside the TTLS tunnel and proxy just that to your simple radius server - that just needs a suitable configuration of the server. Otherwise, it should theoretically be possible to "translate" PEAP-MSCHAPv2 to plain MSCHAPv2 and use that for communication with your "simple radius" server - however, that still requires writing suitable code - in which I'd be very interesested as well (as a proof of concept, I'm currently working at "translating" EAP-MD5 to CHAP). However, if your "simple server" does not understand MSCHAPv2, but really only PAP or CHAP, the combination you want to have is theoretically impossible. You can't extract the information needed to compute correct PAP or CHAP password from an MSCHAP password, it's impossible: starting at the clear-text password (PAP) you can either take the one-way road to the right (CHAP) or the one to the left (MSCHAP), but there no way back, nor can you jump from the left (MSCHAP) side to the right (CHAP) one (or vice versa) by some clever tricks. HTH, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
