(RADIATOR) MSCHAPv2

Jon.Zuilkowski at equifax.com
Wed Jul 2 09:47:15 CDT 2003


Hi.

I have a need to implement MSCHAPv2 so that I can use the password
expiration feature of the Cisco client/vpn concentrator 3000 series.

The problem is, I have no idea how to do this and I can't seem to find what
I need on Google, and Cisco refuses to help or give me any info...


I have a fairly elaborate setup now (thanks to Cisco's marketing
promises)...

I have all of my users in a central LDAP database with a web front end.

I currently use xtradius to authenticate the vpn device because it allowed
me to write auth scripts in Perl.

A second instance of radius runs also as an LDAP gateway for dialup auth.

The Cisco client/device support password expiration via MSCHAPv2 like so:


  client   ---->  username/password ---> vpn device ---> radius (NT Server)

  radius (NT Server) ---> (some attribute) ---> vpn device ---> client (opens dialog for password change)

  client   ---->  (password change attributes) ---> vpn device ---> radius (NT Server)


The way I want this to look is like so:

  client   ---->  username/password ---> vpn device ---> radius --> LDAP (determines expired password)

  LDAP  -->  radius  ---> (some attribute) ---> vpn device ---> client (opens dialog for password change)

  client   ---->  (password change attributes) ---> vpn device ---> radius -->  LDAP (password is changed)


Is there anyone that knows how to do this or can point me to some good info
on how to use the MSCHAPv2 attributes?

Additional info:

radius/ldap servers:  2x SPARC v100, Solaris 9
ldap:  Sun ONE Directory v5.1

Thanks.
-Jon
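
An added example, not part of the original message and not Radiator or Cisco code: in RFC 2548 terms, the "(some attribute)" step in the flows above is the MS-CHAP-Error vendor-specific attribute, returned in an Access-Reject with error code 648 (ERROR_PASSWD_EXPIRED, RFC 2759). The function names and the `password_ok` / `expires_at` inputs, which stand in for the LDAP lookup, are assumptions.

```python
import re
import struct

VENDOR_SPECIFIC = 26        # RADIUS attribute type (RFC 2865)
VENDOR_MICROSOFT = 311      # Microsoft vendor id (RFC 2548)
MS_CHAP_ERROR = 2           # vendor-type carried in the Access-Reject
ERROR_PASSWD_EXPIRED = 648  # failure codes from RFC 2759
ERROR_AUTHENTICATION_FAILURE = 691


def ms_chap_error(ident, code, challenge):
    """Encode MS-CHAP-Error as a Microsoft vendor-specific attribute."""
    if len(challenge) != 16:
        raise ValueError("MS-CHAPv2 authenticator challenge is 16 octets")
    # R=0: no retry; V=3: change-password protocol version for MS-CHAPv2.
    text = "E=%d R=0 C=%s V=3" % (code, challenge.hex().upper())
    data = bytes([ident]) + text.encode("ascii")
    vsa = struct.pack("!BB", MS_CHAP_ERROR, 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(vsa), VENDOR_MICROSOFT) + vsa


def parse_ms_chap_error(attr):
    """Decode the attribute as the receiving device would: (ident, fields)."""
    a_type, a_len, vendor, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if (a_type, vendor, v_type) != (VENDOR_SPECIFIC, VENDOR_MICROSOFT, MS_CHAP_ERROR):
        raise ValueError("not an MS-CHAP-Error attribute")
    if a_len != len(attr) or v_len != a_len - 6:
        raise ValueError("inconsistent attribute lengths")
    fields = dict(re.findall(r"([ERCV])=(\S+)", attr[9:].decode("ascii")))
    return attr[8], fields


def expiry_reply(ident, password_ok, expires_at, now, challenge):
    """Return the MS-CHAP-Error for an Access-Reject, or None to accept.

    password_ok and expires_at are hypothetical results of the LDAP lookup.
    Expiry is only signalled after the old password has verified, so a
    caller without the password cannot learn which accounts have expired.
    """
    if not password_ok:
        return ms_chap_error(ident, ERROR_AUTHENTICATION_FAILURE, challenge)
    if expires_at <= now:
        return ms_chap_error(ident, ERROR_PASSWD_EXPIRED, challenge)
    return None
```

The client's follow-up request then carries the MS-CHAP2-CPW (vendor-type 27) and MS-CHAP-NT-Enc-PW (vendor-type 6) attributes from the same RFC.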

