[RADIATOR] eap-ttls/ms-chap-v2
Michael Shoemaker
shoemake at america.net
Tue Jan 18 09:19:52 CST 2011
We are trying to get authentication with an Alvarion wireless unit that
is sending MSCHAPv2 encrypted passwords through an EAP-TTLS tunnel.

I can get the EAP-TTLS tunnel built and can see the attempts to request
the MSCHAPv2 but am not sure where our hangup is.

What needs to be done to be able to get local authentication on the
Radiator server using AuthBy DBFILE (DB_File)?

The db was built using a plaintext file then converted using the
builddbm script.

<Handler TunnelledByTTLS=1>
    <AuthBy DBFILE>
        Filename /etc/raddb.proxy/dbm/users.db
        DBType DB_File
    </AuthBy>
</Handler>

<Handler Client-Identifier=blahblahblah>
    <AuthBy FILE>
        IgnoreAccounting
        Filename /etc/raddb.proxy/conf/user
        EAPType TTLS,PAP,CHAP
        EAPTLS_CAFile /etc/raddb.proxy/conf/certificates/demoCA/cacert.pem
        EAPTLS_CertificateFile /etc/raddb.proxy/conf/certificates/cert-srv.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile /etc/raddb.proxy/conf/certificates/cert-srv.pem
        EAPTLS_PrivateKeyPassword whatever
        EAPTLS_MaxFragmentSize 1000
        AutoMPPEKeys
        SSLeayTrace 4
    </AuthBy>
    AuthLog myauthlogger
</Handler>

This gets me to the point of doing the TTLS tunnel, then it passes the
MSCHAP stuff to the AuthBy DBFILE... but I am not sure how to unencrypt
the pw to check vs the db file.