(RADIATOR) Should EAP-TTLS be working with inner authentication MSCHAPV2?

Jan Tomasek jan at tomasek.cz
Fri Aug 6 04:33:00 CDT 2004


Hi Hugh and Terry.

Terry, I found a thread of yours about it in the archive:
http://www.open.com.au/archives/radiator/2004-03/msg00028.html.

I decided not to give up on this method as easily as Terry did ;) Hugh, I do
understand why it can't work with RewriteUsername. There are two reasons why I
am using RewriteUsername:
  1) Without it Radiator isn't able to find user data in the LDAP database
  2) Without it Radiator will badly count user sessions.
Personally I do not care about 2, but 1 is a serious problem. Is there any other
way to bypass this problem? An option for the LDAP2 module to force it to strip
the realm by itself would solve this problem for me. I can code this myself
quickly, but if someone from OSC adds this feature for me I will be pleased.

For the moment I tried modifying the Radiator configuration to not use
RewriteUsername and added another uid for myself in LDAP. And it almost works. But:

EAP-PEAP-MSCHAPV2 doesn't seem to support dynamic WEP keys, so it is useless
for us.

EAP-TTLS-MSCHAPV2 somehow runs in an infinite loop. Radiator says "Access
accepted for semik at cesnet.cz" but WEP keys are not generated (if I
understand this correctly, that is work which belongs to Radiator).
EAP-TTLS-(PAP,CHAP,MSCHAP) are working for me. The file
http://www.tomasek.cz/stuff/eap-ttls-mschapv2.log.bz2 contains the log from
xsupplicant. The file
http://www.tomasek.cz/stuff/radiator-eap-ttls-mschapv2.log.bz2 contains the log
from Radiator. The configuration isn't that big, so it is attached. Can someone
please check where the problem is?

PS: Today is my last day at work; I will be on holiday till 15.09. If I am
not responding, don't take it to mean that I'm no longer interested in
this. I will be walking in the beautiful Czech countryside with a camera, trying
to get some outstanding photos. :)

Best regards
--
--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 2 2435 5279         http://www.cesnet.cz/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040806/0cdf2fa2/attachment.ksh>

