(RADIATOR) Should be EAP-TTLS working with inner authentication MSCHAPV2??
Jan Tomasek
jan at tomasek.cz
Thu Aug 5 06:30:00 CDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I'm testing what authentication mechanisms are working for our combination of
Cisco AP 1230, Radiator and client software. At this moment I'm playing with
XSupplicant v1.0 for Linux. I successfuly tested EAP-TTLS wit inner
authentication methods: PAP, CHAP, MSCHAP. But MSCHAPV2 isn't working! For
some strange reason Radiator says that there is problem with password. But
password is always same.
I'm sort of confused, this combination is showed in XSupplicant configuration
examples so it should be working.
Thanks for any help.
XSupplicant configuration is bellow, log from Radiator is attached, it's
configuration too.
XSupplicant configuration:
network_list = all
default_netname = eduroam
startup_command = <BEGIN_COMMAND>echo "START"<END_COMMAND>
reauth_command = <BEGIN_COMMAND>echo "authenticated user %i"<END_COMMAND>
#logfile = /var/log/xsupplicant.log
allow_interfaces = wlan0
#allow_interfaces = eth1
eduroam
{
type = wireless
# allow_types = eap-ttls
identity = <BEGIN_ID>semik at cesnet.cz<END_ID>
# eap-md5 {
# password = <BEGIN_PASS>heslo<END_PASS>
# }
# eap_tls {
# user_cert = /root/JanTomasek.crt.pem
# user_key = /root/JanTomasek.clear-key.pem
# #user_key_pass = <BEGIN_PASS>password for user-key.pem<END_PASS>
# root_cert = /etc/1x/cca.pem.crt
# #crl_dir = /home/user/certificates/revoked
# #cncheck = mynet.net
# #cnexact = no
# chunk_size = 1398
# random_file = /dev/urandom
# session_resume = no
# }
# eap-mschapv2 {
# password = <BEGIN_PASS>heslo<END_PASS>
# }
# eap-peap {
# root_cert = /etc/1x/cca.pem.crt
# chunk_size = 1398
# random_file = /dev/urandom
# #cncheck = radiusserver.mynet.net
# #cnexact = yes
# session_resume = no
#
# eap-mschapv2 {
# username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
# password = <BEGIN_PASS>heslo<END_PASS>
# }
# }
eap-ttls {
root_cert = /etc/1x/cca.pem.crt
chunk_size = 1398
random_file = /dev/urandom
phase2_type = mschap
pap {
username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
password = <BEGIN_PASS>heslo<END_PASS>
}
chap {
username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
password = <BEGIN_PASS>heslo<END_PASS>
}
mschap {
username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
password = <BEGIN_PASS>heslo<END_PASS>
}
mschapv2 {
username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
password = <BEGIN_PASS>heslo<END_PASS>
}
}
}
- --
- --------------------------------------------------------------
Jan Tomasek aka Semik work: CESNET, z.s.p.o.
http://www.tomasek.cz/ Zikova 4, 160 00 Praha 6
Czech Republic
phone(work): +420 2 2435 5279 http://www.cesnet.cz/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBEho279++DGvj6tMRAglXAJ0ViWfkcRE81wHlaexXEiX3Ok4FKgCfWm8i
wFV91eP9+aunuOrySKPwtBY=
=Pn6W
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eap-ttls-mschapv2.log
Type: text/x-log
Size: 60747 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040805/35eb3f93/attachment.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040805/35eb3f93/attachment.ksh>
More information about the radiator
mailing list