(RADIATOR) eap-peap mschapv2 (again)

[Bob Shafer]

Dear list,

Like a bad penny, I have returned, for at least one more time.

A couple of times in the last year I've raised questions here about
theoretical scenarios involving eap-peap mschapv2 and ldap.

I finally am trying to actually *do* something rather than just talk
about it....

In hopes of walking before running, I thought I'd start by trying to use 
AUTHBY FILE before I  attempted AUTHBY LDAP.

I used the goodies/eap-peap.cfg file as a basis for the test and the 
test server certificate provided.  I'm using 3.17.1 with current patches.

The configuration file I've attached allows my test clients,
appropriately configured, to authenticate with EAP-TTLS PAP and an
NTHASH encrypted password.

They also authenticate with EAP-PEAP MSCHAPV2 and an unencrypted 
password is the users file.

But, and here is lies my problem, they all fail with the appropriate 
NTHASH encrypted version of the password.

Because it is for test purposes only, I've included the password I used
in both the nthash and clear text in the users file, which I've also
attached

Finally, there is a logfile with debug 4 enabled.

Let me know if you need anything more.

Any help that others can offer will be greatly appreciated.

Thanks,

Bob Shafer
University of Denver

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20071230/84151cbc/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: logfile
URL: <http://www.open.com.au/pipermail/radiator/attachments/20071230/84151cbc/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: users
URL: <http://www.open.com.au/pipermail/radiator/attachments/20071230/84151cbc/attachment-0002.ksh>