(RADIATOR) PEAP and MSCHAP V2

Mike McCauley mikem at open.com.au
Wed Jan 26 01:59:22 CST 2005


Hello Martin,

On Wednesday 26 January 2005 17:40, mno wrote:
> Hi List,
>
>
> I got another question:
>
> I used PEAP and MSCHAP V2 with different combinations
> of username and password.
>
> The username noha at peap.com with the password leer works,
> But the username noha with the password leer does not work.
>
> Is a username in form of an E-Mail a requirement for peap/Mschapv2?

No, but the username in the user database has to match _exactly_ the username
the user inputs (i.e. the identity), otherwise MSCHAPV2 fails (because the
username is part of the hashing algorithm).

Hope that helps.
Cheers.


>
> Martin
>
> The config is fine
> <Handler TunnelledByPEAP=1>
>   <AuthBy FILE>
>    Filename %D/users
>    EAPType MSCHAP-V2
>   </AuthBy>
> </Handler>
>
>
> <Handler>
>
>    <AuthBy FILE>
>        Filename %D/users
>
>        EAPType  TLS LEAP PEAP
>        EAPTLS_CAFile %D/certs/CAcert.pem
>
> #      EAPTLSRewriteCertificateCommonName This_is_a_TEST
>
> #       EAPTLSRewriteCertificateCommonName s/(^.*$)/testUser\@tls.com/
>
>        EAPTLS_CertificateFile %D/certs/radiator_cert.pem
>        EAPTLS_CertificateType PEM
>
>        EAPTLS_PrivateKeyFile %D/certs/radiator_key.pem
>        EAPTLS_PrivateKeyPassword leer
>
>        EAPTLS_DoNotCheck_MYID
>
>
>        EAPTLS_MaxFragmentSize 1000
>
>        AutoMPPEKeys
>
>        SSLeayTrace 4
>
>       EAPTLS_PEAPVersion 0
>    </AuthBy>
> </Handler>
>
> Userfile:
> noha   User-Password = "test"
> noha at leap.com   User-Password = "leer"
> noha at peap.com   User-Password = "leer"

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
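Added example (not part of the original thread and not Radiator's code): the step of MS-CHAPv2 where the username enters the hash, the RFC 2759 ChallengeHash, showing why "noha" and "noha@peap.com" cannot authenticate against each other even with the same password. The helper name `names_agree` is hypothetical, the usernames assume the archive's " at " stands for "@", and the challenge values are the RFC 2759 section 9.2 test vector.

```python
import hashlib
import hmac


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || username)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 octets each")
    data = peer_challenge + auth_challenge + username.encode("utf-8")
    return hashlib.sha1(data).digest()[:8]


def names_agree(client_name: str, db_name: str, peer: bytes, auth: bytes) -> bool:
    """True when both sides derive the same 8-octet challenge.

    The NT-Response is computed from this challenge and the password hash,
    so if the challenges differ the responses differ, whatever the password.
    """
    return hmac.compare_digest(
        challenge_hash(peer, auth, client_name),
        challenge_hash(peer, auth, db_name),
    )


# RFC 2759 section 9.2 test vector (UserName "User").
RFC_AUTH = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
RFC_PEER = bytes.fromhex("21402324255E262A28295F2B3A337C7E")

if __name__ == "__main__":
    # Sanity check against the RFC: d02e4386bce91226
    print("RFC vector:", challenge_hash(RFC_PEER, RFC_AUTH, "User").hex())

    # Constructed pairs: (name the client hashed, name the server looked up).
    pairs = [
        ("noha@peap.com", "noha@peap.com"),  # exact match
        ("noha@peap.com", "noha"),           # realm stripped on one side
        ("Noha", "noha"),                    # case differs
    ]
    for typed, stored in pairs:
        ok = names_agree(typed, stored, RFC_PEER, RFC_AUTH)
        print(f"{typed!r} vs {stored!r}: {'match' if ok else 'MISMATCH'}")
```

Anything that alters the name on only one side (realm stripping, a username rewrite rule, case folding) produces the mismatch shown above, which surfaces as an MS-CHAPv2 failure rather than a "user not found" error.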

