(RADIATOR) PEAPv0/EAP-MSCHAPv2 authentication with an LDAP back end

Hugh Irvine hugh at open.com.au
Thu Jun 28 21:03:56 CDT 2007


Hello Bob -

From my archives I see we had a previous discussion about this in  
February, although we didn't get as far as a working solution did we?

All of the example configuration files in the "goodies" directory  
work as they are with the test certificates included in the Radiator  
distribution (latest is 3.17.1).

I suggest you use "eap_peap.cfg" to begin with, as it is, and put a  
test user with nthash password in the "users" file.

You can run your test like this:

	cd /your/Radiator-3.17.1/distribution

	perl radiusd -foreground -log_stdout -trace 4 -config_file goodies/eap_peap.cfg

Note the Perl prerequisites listed in the comment block at the  
beginning of the configuration file.

Once you have the simple case working you can go on to set up a test  
LDAP configuration file, using a modified copy of "goodies/ldap.cfg"  
which you can test with radpwtst.

Again note the prerequisites listed in the comment block at the  
beginning of the file, and section 5.36 of the manual ("doc/ref.html").

When this is working you can put the <AuthBy LDAP2> clause from the  
above into the inner Handler of the "eap_peap.cfg" file:

.....

<Handler TunnelledByPEAP = 1>

	<AuthBy LDAP2>
		.....
	</AuthBy>

</Handler>

.....

hope that helps

regards

Hugh


On 29 Jun 2007, at 08:36, Bob Shafer wrote:

> The powers that be want us to use the MS supplicant to authenticate  
> wireless clients against our LDAP (Sun) back end.  To make this  
> happen we are willing to figure out a way to populate LDAP with  
> nthash encrypted passwords.
>
> Assuming this is possible and someone has figured out a  
> configuration for radiator that works, would you be willing to  
> share any pointers, and, if possible, a copy, minus passwords, of a  
> working configuration file?
>
> If so, we'd be overjoyed.
>
> Thanks,
>
> Bob Shafer
> University of Denver
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
