(RADIATOR) PEAP-MSCHAPv2 don't assign WEP key

Martin Burton mvb at sanger.ac.uk
Tue Sep 14 03:11:58 CDT 2004


Ah, I see.

UsernameMatchesWithoutRealm is not part of my patch.  It was already 
part of AuthLDAP2.pm

HTH

Martin.


Jan Tomasek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello Martin,
> 
> 
>>Clear-text passwords are supported by radiator against MSCHAPv2, so if
>>that's the way you want to go then you shouldn't need to patch.
> 
> 
> I need that patch just for that LDAP part. The only way to get Radiator
> to find users in LDAP is to use:
>         # Strip realm
>         RewriteUsername         s/^(.*?)\@.*$/$1/
>         # Convert user name to lowercase
>         RewriteUsername         tr/A-Z/a-z/
> but after this the realm is stripped from the username and Radiator never counts
> the same hash as the client counts. So the password never matches. This is how it was
> explained later in the thread "Should be EAP-TTLS working with inner
> authentication MSCHAPV2??". Without those two lines MSCHAPv2 is working
> for me... but I have to add another value to uid (semik at cesnet.cz) in my
> case, which isn't acceptable for production. You responded that you
> have a patch which adds the option UsernameMatchesWithoutRealm and that is
> exactly what I need. Well... uhm... I think I need this ;) I checked the
> AuthLDAP2.pm source and it looks like it will be very simple to get this
> functionality.
> 
> Now I understand that your work is much more sophisticated than my needs
> and patching against the work Mike's team has done on NT-Passwords might be
> non-trivial. So, do you think I should code this piece myself?
> 
> The reason why I haven't done it yet is that I think nobody wants to maintain
> patches to the official source tree, and our pieces of code will probably be in
> conflict. I didn't want to make your work harder if my patch was
> accepted by Mike before yours.
> 
> 
> Oh, those passwords... shame, some of our users have three of them :(
> The passwords used by Radiator are used in the eduRoam structure (IP roaming) and
> parts of that structure are not safe enough, so we had to use a different
> password...
> 
> Best regards
> - --
> - --------------------------------------------------------------
> Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
> http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
>                                       Czech Republic
> phone(work): +420 2 2435 5279         http://www.cesnet.cz/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> 
> iD8DBQFBRdOe79++DGvj6tMRAuoyAJ9jReoGrB+f2ul/3boYt2siknN9igCeMY/n
> dgVwVT/VzkXqDMzV1Fu7How=
> =YvoI
> -----END PGP SIGNATURE-----
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 
> 
> 
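
The mismatch Jan describes, as an added example that is not part of the original messages and is not Radiator code: in MSCHAPv2 (RFC 2759) the username is an input to the challenge hash, so a server that rewrites the name before hashing cannot reproduce the client's response. The sample name and challenges are constructed, and the example assumes the client hashes the full user@realm name it sent.

```python
import hashlib
import hmac


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || username)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("MSCHAPv2 challenges are 16 octets each")
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def directory_key(username: str) -> str:
    """Same effect as the two RewriteUsername rules quoted above (ASCII names):
    strip everything from the first '@', then lowercase."""
    return username.split("@", 1)[0].lower()


def server_accepts(sent_name: str, peer: bytes, auth: bytes,
                   hash_with_rewritten_name: bool) -> bool:
    """Compare the client's ChallengeHash with the one the server derives.

    The NT-Response is this 8-octet value DES-encrypted under keys taken from
    the NT password hash, so if the ChallengeHash differs the response differs
    too, even when the stored password is correct.
    """
    client_side = challenge_hash(peer, auth, sent_name)
    lookup = directory_key(sent_name)  # name used to find the LDAP entry
    # Hypothetical switch: hash with the rewritten name (breaks MSCHAPv2) or
    # keep the name as sent and use the rewritten form for the lookup only.
    name_for_hash = lookup if hash_with_rewritten_name else sent_name
    server_side = challenge_hash(peer, auth, name_for_hash)
    return hmac.compare_digest(client_side, server_side)


# Constructed sample values, not taken from the thread.
PEER = bytes(range(16))
AUTH = bytes(range(16, 32))
NAME = "Alice@example.org"

if __name__ == "__main__":
    print("lookup key:", directory_key(NAME))
    print("rewrite before hashing:", server_accepts(NAME, PEER, AUTH, True))
    print("rewrite for lookup only:", server_accepts(NAME, PEER, AUTH, False))
```
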
