On 21/08/2013 13:55, Chris Parker wrote:
> Thank you Phil! That resolved my first steps, and I figured there was
> something like that. I have pored over deployingfreeradius.com, but
> for the life of me I could not find anything of assistance for my set
> up.

Yeah... to be honest, I think I've just confused matters.

> I have enabled the ntlm_auth line in modules/mschap but no password
> is sent to ntlm_auth to be checked. So the fact that it's failing
> makes sense, since there's no password being read in and thus it
> fails authorize. So this is just escaping me on how to get the
> password into ntlm_auth via MSCHAP. On top of that, when my access
> point succeeds against the users file, I suspect it's doing EAP but
> the logs never say "I have detected EAP, setting EAP"

I see a lot of confusion in that paragraph.

In brief: RADIUS supports multiple authentication algorithms, and the
client chooses the algorithm.

"modules/ntlm_auth" can only handle PAP, which sends a username & password.

"modules/mschap" can handle MSCHAP, which sends a challenge/response
based on the password.

"eap" handles EAP, and then calls other modules to handle what runs
inside the EAP tunnel.

You're getting confused because you seem to be trying to configure
"modules/ntlm_auth" to handle MSCHAP, which won't work. MSCHAP doesn't
send the password to the server; just a one-time function of it.

My advice - go back to the default configs, and ignore
"modules/ntlm_auth". It's not really intended for use as-is; it's a
sample config for people to build on if they have advanced knowledge of
the server.

Re-read the stuff on deployingradius.com - if you're trying to do
WPA-Enterprise (aka 802.1x) then it is definitive. If you're trying to
do something else, describe what, and show a *full* debug of a client
trying and failing.
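
Added example, not part of the original message and not FreeRADIUS code: a small parser that reads the attributes of an Access-Request and reports which algorithm the client chose, showing that an MSCHAP request carries no User-Password at all. The three sample packets are constructed for illustration; attribute numbers are from RFC 2865, RFC 2548 and RFC 3579.

```python
import struct

MS_VENDOR = 311  # Microsoft vendor id (RFC 2548)
# Which module the reply above names for each algorithm.
HANDLER = {"PAP": "modules/ntlm_auth", "MSCHAP": "modules/mschap", "EAP": "eap"}

def attributes(packet):
    """Yield (type, value) for every attribute in a RADIUS packet."""
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # skip code, identifier, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2 : pos + packet[pos + 1]]
        pos += packet[pos + 1]

def auth_method(packet):
    """Return the algorithm the client chose: EAP, MSCHAP, CHAP, PAP or unknown."""
    seen = set()
    for atype, value in attributes(packet):
        if atype == 79:                      # EAP-Message
            seen.add("EAP")
        elif atype == 2:                     # User-Password (only PAP sends it)
            seen.add("PAP")
        elif atype == 3:                     # CHAP-Password
            seen.add("CHAP")
        elif atype == 26 and len(value) >= 6:  # Vendor-Specific
            (vendor,) = struct.unpack("!I", value[:4])
            if vendor == MS_VENDOR and value[4] in (1, 25):  # MS-CHAP(2)-Response
                seen.add("MSCHAP")
    return next((m for m in ("EAP", "MSCHAP", "CHAP", "PAP") if m in seen), "unknown")

# --- constructed sample packets (all values are dummies) ---
def build(attrs):
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

def vsa(vtype, data):
    return (26, struct.pack("!I", MS_VENDOR) + bytes([vtype, len(data) + 2]) + data)

PAP_REQ = build([(1, b"chris"), (2, bytes(16))])
MSCHAP_REQ = build([(1, b"chris"), vsa(11, bytes(16)), vsa(25, bytes(50))])
EAP_REQ = build([(1, b"chris"), (79, b"\x02\x01\x00\x0a\x01chris"), (80, bytes(16))])

if __name__ == "__main__":
    for name, pkt in (("PAP", PAP_REQ), ("MSCHAP", MSCHAP_REQ), ("EAP", EAP_REQ)):
        method = auth_method(pkt)
        print(name, "->", method, "handled by", HANDLER.get(method))
```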