Hello,

I am configuring FreeRadius 2.1.6 to authenticate an MS Vista user
using the EAP-PEAP protocol.

The file users looks as follows:

csd-notebook\user_name Cleartext-Password := "user_password"

where csd-notebook is the notebook name.
This setting is working.

But I would like to make 2 improvements to the current configuration.

1. To have the ability to specify only the user name in the users file, in order
not to depend on the user's computer name.

I was trying to do this by changing some FR 2.1.6 configuration parameters
but failed.

2. To add authentication by computer MAC address.

I added the Calling-Station-Id == "00-16-EA-8A-DE-38" parameter to the users file

csd-notebook\user_name Cleartext-Password := "user_password", Calling-Station-Id == "00-16-EA-8A-DE-38"

but got this error message:

.....
[eap] EAP packet type response id 17 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject


What parameters should I change to make these 2 configurations work?

The current FR 2.1.6 configuration is as follows.

eap.conf:
----------

peap {
     default_eap_type = mschapv2
     copy_request_to_tunnel = no
     use_tunneled_reply = no
     proxy_tunneled_request_as_eap = no
     virtual_server = "inner-tunnel"
}

modules/mschap:
--------------

mschap {
       use_mppe = yes
       require_encryption = yes
       require_strong = yes
       with_ntdomain_hack = yes
}

modules/preprocess:
-------------------

preprocess {
           with_ascend_hack = no
           with_ntdomain_hack = no
           with_specialix_jetstream_hack = no
           with_cisco_vsa_hack = no
}

modules/realm:
--------------

realm ntdomain {
        format = prefix
        delimiter = "\\"
}


sites-available/default:
-----------------------

authorize {
          preprocess
          mschap
          suffix

}

authenticate {

             Auth-Type MS-CHAP {
                     mschap
             }

...
}

sites-available/inner-tunnel:
----------------------------

authorize {
          mschap
          suffix
          update control {
               Proxy-To-Realm := LOCAL
          }
...
}

Thank you.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
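
An added example, not part of the original message: a small Python script that reads debug output like the excerpt above and reports which users entry matched and why mschap had no password. The function names are hypothetical, the sample lines are copied from the post, and the log format is assumed to be the one shown there.

```python
import re

# Debug lines copied from the post above (a subset of its radiusd output).
SAMPLE = """\
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[pap] returns noop
Found Auth-Type = EAP
[eap] processing type mschapv2
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
++[mschap] returns reject
"""

MATCHED = re.compile(r"\[files\] users: Matched entry (\S+) at line (\d+)")
NO_PW = re.compile(r"\[mschap\] No Cleartext-Password configured")
USER = re.compile(r"\[mschap\] Told to do MS-CHAPv2 for (\S+) with")
RESULT = re.compile(r"\++\[(\w+)\] returns (\w+)")

def triage(debug_text):
    """Collect, for one request, the users entries that matched, the name
    mschap authenticated, whether a password was known, and who rejected."""
    info = {"matched": [], "user": None, "no_password": False, "rejected_by": None}
    for line in map(str.strip, debug_text.splitlines()):
        if m := MATCHED.match(line):
            info["matched"].append((m.group(1), int(m.group(2))))
        elif NO_PW.match(line):
            info["no_password"] = True
        elif m := USER.match(line):
            info["user"] = m.group(1)
        elif (m := RESULT.match(line)) and m.group(2) == "reject":
            info["rejected_by"] = m.group(1)
    return info

def diagnose(info):
    """Turn the collected facts into a one-line finding."""
    specific = [name for name, _ in info["matched"] if name != "DEFAULT"]
    if info["no_password"] and not specific:
        return (f"only DEFAULT matched for {info['user']}: the per-user entry's "
                "key or check items did not match, so no Cleartext-Password was set")
    if info["no_password"]:
        return f"entry {specific[0]} matched but supplied no Cleartext-Password"
    if info["rejected_by"]:
        return f"password was available; rejected by {info['rejected_by']}"
    return "no rejection found in this excerpt"

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE)))
```

On the excerpt from the post it reports that only DEFAULT matched, which is the line to look at before the mschap failure itself.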