On 11.06.2008 at 14:48, Matt Ashfield wrote:
Hi
I’m still trying to get this working. I’m using an XP machine
plugged into an edge switch acting as a NAS. I’m using the
PEAP/MSCHAP in XP to authenticate against an LDAP directory. In that
directory, we have created an attribute called ntPassword which I
have populated with the word ‘password’ (creative, I know!). Below is
what I get when I run in debug mode.
You have coded "Password" in UTF-16LE and applied the MD4 hash on it,
before putting it in "ntPassword", haven't you?
Have a nice day!
In ldap.attrmap I have the line:
checkItem NT-Password ntPassword
in radiusd.conf in my ldap declaration, I have:
password_attribute = ntPassword
I can’t quite figure out what’s going on below. Looks to me like
the passwords are not matching. Any advice is appreciated.
Thanks
[...]
Matt
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Ivan Kalik
Sent: Tuesday, June 10, 2008 11:21 AM
To: [email protected]
Subject: RE: FR and PEAP question
eapol_test from wpa_supplicant
JRadius Simulator
Ivan Kalik
Kalik Informatika ISP
On 10/6/2008, "Matt Ashfield" <[EMAIL PROTECTED]> wrote:
>I'd like to test this with PEAP/MSCHAP requests if possible. Is there a
>howto? Clearly I'm down the wrong path here.
>
>Matt
>[EMAIL PROTECTED]
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf
>Of Ivan Kalik
>Sent: Tuesday, June 10, 2008 11:02 AM
>To: [email protected]
>Subject: RE: FR and PEAP question
>
>FreeRADIUS-Proxied-To == 127.0.0.1 will match only for eap requests. You
>can't test for it with pap requests (radtest).
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 10/6/2008, "Matt Ashfield" <[EMAIL PROTECTED]> wrote:
>
>>I thought it would get referenced because in my users file I have:
>>
>>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS, unbldap-Ldap-Group == staff, Autz-Type := Ldap1
>> User-Name=`%{User-Name}`,
>> Tunnel-Private-Group-Id=staff,
>> Tunnel-Type=VLAN,
>> Fall-Through = no
>>
>>And in huntgroups I have this. Although I am unsure if this is correct.
>>UNBFWSS NAS-IP-Address == 127.0.0.1
>>
>>
>>Matt
>>[EMAIL PROTECTED]
>>
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED] On Behalf
>>Of Ivan Kalik
>>Sent: Tuesday, June 10, 2008 10:36 AM
>>To: [email protected]
>>Subject: RE: FR and PEAP question
>>
>>>The password that is being supplied by radtest is in plain-text, should I be
>>>supplying it in ntPassword-encrypted format?
>>
>>No.
>>
>>>
>>>It looks to me like I have something wrong with my authenticate section.
>>>
>>>My authorize section looks like:
>>>authorize {
>>> preprocess
>>> chap
>>> mschap
>>> suffix
>>> eap
>>> Autz-Type Ldap1 {
>>> redundant-load-balance{
>>> unbldap
>>> unbldap2
>>> }
>>> mschap
>>> }
>>>}
>>>
>>
>>Not really. You just haven't called that Autz-Type anywhere.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>>
>>
>
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841