(RADIATOR) PEAP-MSCHAPv2 don't assign WEP key

Jan Tomasek jan at tomasek.cz
Mon Sep 13 12:06:42 CDT 2004



Hello Martin,

> Clear-text passwords are supported by radiator against MSCHAPv2, so if
> that's the way you want to go then you shouldn't need to patch.

I need that patch just for that LDAP part. The only way to get Radiator
to find users in LDAP is to use:
        # Strip realm
        RewriteUsername         s/^(.*?)\@.*$/$1/
        # Convert user name to lowercase
        RewriteUsername         tr/A-Z/a-z/
but after this the realm is stripped from the username and Radiator never
computes the same hash as the client computes. So the password never
matches. This is how it was explained later in the thread "Should be
EAP-TTLS working with inner authentication MSCHAPV2??". Without those two
lines MSCHAPv2 is working for me... but I have to add another value to uid
(semik at cesnet.cz) in my case, and that isn't acceptable for production.
You responded that you have a patch which adds the option
UsernameMatchesWithoutRealm and that is exactly what I need. Well...
uhm... I think I need this ;) I checked the AuthLDAP2.pm source and it
looks like it will be very simple to get this functionality.

Now I understand that your work is much more sophisticated than my needs
and patching against work of Mike's team done on NT-Passwords might be
non-trivial. So, do you think I should code this piece myself?

The reason why I haven't done it yet is that I think nobody wants to
maintain patches of the official source tree and our pieces of code will
probably be in conflict. I didn't want to make your work harder if my
patch was accepted by Mike before yours.


Oh, those passwords... shame, some of our users have three of them :(
Passwords used by Radiator are used in the eduRoam structure (IP roaming)
and parts of that structure are not safe enough, so we had to use a
different password...

Best regards
--
--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 2 2435 5279         http://www.cesnet.cz/
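
Added example, not part of the original message and not Radiator code: in MS-CHAPv2 (RFC 2759) the NT-Response is derived from ChallengeHash = first 8 octets of SHA1(PeerChallenge || AuthenticatorChallenge || UserName), so a server that hashes the rewritten user name can never reproduce the client's value. The challenges, the user name and the hash_rewritten switch below are constructed for illustration.

```python
import hashlib
import re
import string

# ASCII-only lowercase map, the same effect as the tr/A-Z/a-z/ rule.
_ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)

# Constructed sample values (not from the original message).
PEER_CHALLENGE = bytes(range(16))
AUTH_CHALLENGE = bytes(range(16, 32))
SENT_NAME = "Alice@example.org"


def rewrite_username(name: str) -> str:
    """Apply the two RewriteUsername rules quoted in the message."""
    name = re.sub(r"^(.*?)@.*$", r"\1", name)  # strip realm
    return name.translate(_ASCII_LOWER)        # convert to lowercase


def challenge_hash(peer: bytes, auth: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || UserName)."""
    if len(peer) != 16 or len(auth) != 16:
        raise ValueError("peer and authenticator challenges must be 16 octets")
    return hashlib.sha1(peer + auth + username.encode("utf-8")).digest()[:8]


def server_hash(sent_name: str, peer: bytes, auth: bytes, hash_rewritten: bool) -> bytes:
    """Server-side ChallengeHash.

    hash_rewritten=True models hashing the name after RewriteUsername ran;
    False models keeping the name as sent for the hash and using the
    rewritten form only as the directory lookup key (an assumption for
    illustration, not the behaviour of any specific patch).
    """
    name = rewrite_username(sent_name) if hash_rewritten else sent_name
    return challenge_hash(peer, auth, name)


if __name__ == "__main__":
    client = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, SENT_NAME)
    for flag in (True, False):
        srv = server_hash(SENT_NAME, PEER_CHALLENGE, AUTH_CHALLENGE, flag)
        print(f"lookup key={rewrite_username(SENT_NAME)!r} hash_rewritten={flag} "
              f"client={client.hex()} server={srv.hex()} match={srv == client}")
```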
