[RADIATOR] PEAP Config
Hugh Irvine
hugh at open.com.au
Tue Aug 12 20:25:44 CDT 2008
Hello Tamarack -
I will need to see a trace 4 debug from Radiator showing what is
happening.
In general though you will not be able to use "ServerChecksPassword"
with MSCHAP-V2.
regards
Hugh
On 13 Aug 2008, at 06:02, Tamarack Birch-wheeles wrote:
> Hello,
>
> I'm trying to get PEAP/MSCHAP-V2 working with LDAP and I'm unable
> to get it to work. Here is my current config:
>
> <AuthBy LDAP2>
> Identifier LDAPGeneric
> Version 3
> NoDefault
> Host xxxxxxxx
> SSLVerify none
> UseTLS
> BaseDN ou=people, dc=xxx, dc=xxx
> Scope subtree
> EAPType MSCHAP-V2
> UsernameAttr uid
> ServerChecksPassword
> FailureBackoffTime 15
> RejectEmptyPassword
> </AuthBy>
>
> <Handler TunnelledByPEAP=1>
> AuthByPolicy ContinueUntilAccept
> AuthBy LDAPGeneric
> <AuthBy RADIUS>
> NoDefault
> DefaultSimultaneousUse 1
> StripFromReply Service-Type
> <Host xxxxxxxxxxxxx>
> Secret xxxxxxxx
> AuthPort 1812
> AcctPort 1813
> </Host>
> </AuthBy>
> AuthLog FileAuthLog
> AcctLogFileName %L/acct/acctlog-%Y-%m-%d
> </Handler>
>
> <Handler Client-Identifier=xxxxxx>
> <AuthBy FILE>
> Filename /usr/local/etc/radiator/radius.users
> EAPType PEAP
> EAPTLS_CAFile /usr/local/etc/openssl/certs/ThawteServerCA.txt
> EAPTLS_CertificateFile /usr/local/etc/openssl/certs/radius1.oit.cert.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile /usr/local/etc/openssl/certs/radius1.oit.key.pem
> EAPTLS_PrivateKeyPassword xxxxxxx
> EAPTLS_MaxFragmentSize 1024
> AutoMPPEKeys
> SSLeayTrace 4
> </AuthBy>
> AuthLog FileAuthLog
> </Handler>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
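
A pre-deployment check for the combination ruled out in the reply above, as an added example that is not part of the original thread or of Radiator itself: it scans a Radiator configuration for `<AuthBy LDAP2>` clauses that set both `ServerChecksPassword` and `EAPType MSCHAP-V2`. The parser assumes a simplified config syntax (one parameter per line, `#` comments), and the sample input is constructed.

```python
import re

# Constructed sample: the first clause is trimmed from the config quoted
# above; the second is a hypothetical clause with no EAPType, for contrast.
SAMPLE_CONFIG = """\
<Handler TunnelledByPEAP=1>
    <AuthBy LDAP2>
        Identifier LDAPGeneric
        EAPType MSCHAP-V2
        ServerChecksPassword
    </AuthBy>
</Handler>
<AuthBy LDAP2>
    Identifier LDAPPapOnly
    ServerChecksPassword
</AuthBy>
"""

def find_conflicts(config_text):
    """Return (line, Identifier) for each <AuthBy LDAP2> clause that sets
    both ServerChecksPassword and EAPType MSCHAP-V2."""
    stack, findings = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.fullmatch(r"<(\w+)\s*([^>]*)>", line)
        if re.fullmatch(r"</\w+>", line):
            if not stack:
                continue  # stray closing tag: nothing to evaluate
            clause = stack.pop()
            params = clause["params"]
            # EAPType may hold several methods; split on commas/whitespace.
            eap = {t.upper() for t in re.split(r"[,\s]+", params.get("EAPType", "")) if t}
            if ((clause["kind"], clause["arg"]) == ("AuthBy", "LDAP2")
                    and "ServerChecksPassword" in params and "MSCHAP-V2" in eap):
                findings.append((clause["line"], params.get("Identifier", "(unnamed)")))
        elif opening:
            stack.append({"kind": opening.group(1), "arg": opening.group(2).strip(),
                          "line": lineno, "params": {}})
        elif stack:
            # A parameter belongs to the innermost open clause only.
            key, *rest = line.split(None, 1)
            stack[-1]["params"][key] = rest[0].strip() if rest else ""
    return findings

if __name__ == "__main__":
    for lineno, ident in find_conflicts(SAMPLE_CONFIG):
        print(f"line {lineno}: AuthBy LDAP2 '{ident}' sets ServerChecksPassword with MSCHAP-V2")
```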