(RADIATOR) How to differentiate PEAP-EAP-CHAPV2 and EAP-TTLS radius packets

Hugh Irvine hugh at open.com.au
Wed Mar 19 20:07:23 CST 2003


Hello Ken -

Could you please send me a copy of your configuration file (no secrets) 
together with a trace 4 debug from Radiator showing what is happening 
in each case?

regards

Hugh


On Thursday, Mar 20, 2003, at 11:11 Australia/Melbourne, Kawakubo, Ken 
wrote:

> All,
>
> I would like Radiator to do the following.
>
> When Radiator gets PEAP-EAP-CHAPv2 radius packets, Radiator proxies to 
> IAS
> on Windows 2003 server. When Radiator gets EAP-TTLS-PAP packets, 
> Radiator
> authenticate via Authby PAM using pam_smb. I have to do this setup 
> because
> we need to authenticate against NTLM. I can do NTLM authentication with
> EAP-TTLS since I can use plaintext PAP, but I cannot do NTLM 
> authentication
> with PEAP-EAP-CHAPv2 since it uses encrypted passwords.
>
> I got working both Radius proxy with PEAP-EAP-CHAPv2 and AuthBy PAM 
> with
> EAP-TTLS-PAP separately. But when I try to combine both packets 
> together, I
> am not getting it to work. Either one or the other fails 
> authentication. I
> have tried using AuthByPolicy and list both AuthBy clauses but it does 
> not
> seem to work.
>
> I am wondering if there is a way to check radius packets beforehand 
> and send
> them to the appropriate AuthBy clause. The first request packet uses 
> code 1
> instead of 25 (PEAP) or 21 (EAP-TTLS) and it seems to make it 
> difficult to
> differenticate.
>
> I appreciate any help. Thank you.
>
> Ken Kawakubo
>
>
>
>
>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list