Andy Theuninck <[email protected]> writes: > I'm trying to set up freeradius to handle WPA authentication on my > network. I've managed to get the AP & radius servers talking to one > another and the SSL certificates loaded and configured, but I can't > figure out how to get the username & passwords checked against the > local /etc/shadow file. Free radius version is 1.1.3, latest binary > provided by my version of CentOS.
Well, I guess you aøready know this but you should really get something newer... > The client attempting to connect is > Mac OS X 10.4. In a perfect world, I'd like to support both OS X and > Windows XP with names & passwords checked against /etc/shadow. I think that might be difficult. Windows will want to use mschap, which requires a cleartext password. Everything is working just as it should this far: > modcall: leaving group authorize (returns ok) for request 3 > rad_check_password: Found Auth-Type MS-CHAP > auth: type "MS-CHAP" > Processing the authenticate section of radiusd.conf > modcall: entering group MS-CHAP for request 3 But then it fails, as you don't have any Cleartext-Password (aka "User-Password" in FreeRADIUS 1.x language): > rlm_mschap: No User-Password configured. Cannot create LM-Password. > rlm_mschap: No User-Password configured. Cannot create NT-Password. > rlm_mschap: Told to do MS-CHAPv2 for andy with NT-Password > rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect > modcall[authenticate]: module "mschap" returns reject for request 3 > modcall: leaving group MS-CHAP (returns reject) for request 3 > auth: Failed to validate the user. The easiest would be to just forget /etc/shadow and configure cleartext passwords for your WPA users. You might try some inner authentication module supporting encrypted passwords (PAP?) but I don't know if that'd ever work with Windows... Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
