(RADIATOR) PEAP and NT Domain auth
Chuck Byam
cbyam at virginia.edu
Mon Dec 15 09:06:47 CST 2003
I can get NT domain auth working and PEAP against a local file, but how does
one configure PEAP and NT together? It appears that it doesn't know how to
handle the inner request for anonymous.
Thanks,
----
Chuck Byam
============
Foreground
LogStdout
LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 5
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client 10.4.40.31>
Secret mysecret
</Client>
<Client 127.0.0.1>
Secret mysecret
</Client>
# This is where we authenticate a PEAP inner request, which will be an EAP
# request. The username of the inner request will be anonymous, although
# the identity of the EAP request will be the real username we are
# trying to authenticate.
<Handler TunnelledByPEAP=1>
<AuthBy FILE>
Filename %D/users
# This tells the PEAP client what types of inner EAP requests
# we will honour
EAPType PEAP
# This will set up some standard reply items for
# your NAS, you may need others for your NAS
DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
# This tells the PEAP client what types of inner EAP requests
# we will honour
EAPType MSCHAP-V2
</AuthBy>
</Handler>
# Handles all realms:
<Handler>
<AuthBy FILE>
Filename %D/users
EAPType PEAP
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1024
AutoMPPEKeys
SSLeayTrace 4
# You can configure the User-Name that will be used for the inner
# authentication. Defaults to 'anonymous'. This can be useful
# when proxying the inner authentication. If there is a realm, it can
# be used to choose a local Realm to handle the inner authentication.
# %0 is replaced with the EAP identity
# EAPAnonymous anonymous@localhost
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName ./detail
</Handler>
Mon Dec 15 09:28:58 2003: DEBUG: Handling request with Handler ''
Mon Dec 15 09:28:58 2003: DEBUG: Deleting session for crb6x, 10.4.40.31, 29
Mon Dec 15 09:28:58 2003: DEBUG: Handling with Radius::AuthFILE:
Mon Dec 15 09:28:58 2003: DEBUG: Handling with EAP: code 2, 252, 87
Mon Dec 15 09:28:58 2003: DEBUG: Response type 25
Mon Dec 15 09:28:58 2003: DEBUG: EAP PEAP inner authentication request for
anonymous
Mon Dec 15 09:28:58 2003: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: r<127>o <22><246>i<132><248>L<151>C<18><186>w$
Attributes:
EAP-Message =
<2><252><0><<26><2><252><0>;1<130><137><184><191>"<135><192>`<28><224><203>?<207><10><251>%<0><0><0><0><0><0><0><0>:<237>}V<156><171>.<178><205>I<27><223>z<169>c<152>>FMi<177><227><217>5<0>crb6x
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 10.4.40.31
NAS-Port = 29
Calling-Station-Id = "004096432B05"
Mon Dec 15 09:28:58 2003: DEBUG: Handling request with Handler ''
Mon Dec 15 09:28:58 2003: DEBUG: Deleting session for crb6x, 10.4.40.31, 29
Mon Dec 15 09:28:58 2003: DEBUG: Handling with Radius::AuthFILE:
Mon Dec 15 09:28:58 2003: DEBUG: Handling with EAP: code 2, 252, 87
Mon Dec 15 09:28:58 2003: DEBUG: Response type 25
Mon Dec 15 09:28:58 2003: DEBUG: EAP PEAP inner authentication request for
anonymous
Mon Dec 15 09:28:58 2003: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: r<127>o <22><246>i<132><248>L<151>C<18><186>w$
Attributes:
EAP-Message =
<2><252><0><<26><2><252><0>;1<130><137><184><191>"<135><192>`<28><224><203>?<207><10><251>%<0><0><0><0><0><0><0><0>:<237>}V<156><171>.<178><205>I<27><223>z<169>c<152>>FMi<177><227><217>5<0>crb6x
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 10.4.40.31
NAS-Port = 29
Calling-Station-Id = "004096432B05"
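
Added example (not part of the original post and not Radiator code): a Python sketch that decodes the EAP-Message value from the "PEAP Tunnelled request" dump above, to show which inner EAP type and name the tunnelled request carries while its User-Name is "anonymous". It assumes the trace writes non-printable bytes as `<decimal>` and printable ones literally; `decode_dump` and `parse_inner_eap` are hypothetical helper names.

```python
import re
import struct

# Sample input: the EAP-Message value copied from the trace in this post.
SAMPLE_DUMP = (
    '<2><252><0><<26><2><252><0>;1<130><137><184><191>"<135><192>`<28><224>'
    '<203>?<207><10><251>%<0><0><0><0><0><0><0><0>:<237>}V<156><171>.<178>'
    '<205>I<27><223>z<169>c<152>>FMi<177><227><217>5<0>crb6x'
)

# Assumed trace encoding: <N> with N in 0..255 is one byte, anything else is
# a literal ASCII character. A literal '<' followed by digits and '>' would
# be ambiguous in this format; the sample contains no such sequence.
TOKEN = re.compile(r"<(25[0-5]|2[0-4]\d|1?\d?\d)>|(.)", re.S)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MSCHAPV2 = 26


def decode_dump(text):
    """Turn the trace's <N>/literal notation back into raw bytes."""
    out = bytearray()
    for m in TOKEN.finditer(text):
        out.append(int(m.group(1)) if m.group(1) is not None
                   else ord(m.group(2)) & 0xFF)
    return bytes(out)


def parse_inner_eap(raw):
    """Parse the EAP header and, for EAP-MSCHAP-V2, the Name field."""
    if len(raw) < 5:
        raise ValueError("too short for an EAP request/response with a type")
    code, ident, declared_len, eap_type = struct.unpack("!BBHB", raw[:5])
    info = {"code": EAP_CODES.get(code, code), "id": ident, "type": eap_type,
            "declared_len": declared_len, "dump_len": len(raw)}
    if eap_type == EAP_TYPE_MSCHAPV2 and len(raw) >= 10:
        opcode, _ms_id, ms_len, value_size = struct.unpack("!BBHB", raw[5:10])
        info.update(opcode=opcode, ms_len=ms_len)
        # Challenge (1) and Response (2) share the layout Value-Size, Value, Name.
        if opcode in (1, 2):
            info["name"] = raw[10 + value_size:].decode("ascii", "replace")
    return info


if __name__ == "__main__":
    for key, value in parse_inner_eap(decode_dump(SAMPLE_DUMP)).items():
        print(f"{key}: {value}")
```
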