[RADIATOR] eap-ttls/ms-chap-v2

Heikki Vatiainen hvn at open.com.au
Tue Jan 18 15:19:39 CST 2011


On 01/18/2011 05:19 PM, Michael Shoemaker wrote:

> We are trying to get authentication with an Alvarion wireless unit that 
> is sending mschapv2 encrypted passwords through an eap-ttls tunnel.
> 
> I can get the eap-ttls tunnel built and can see the attempts to request 
> the mschapv2 but am not sure where our hangup is.

I have a couple of suggestions below. If they do not work, reply with
your configuration file (no secrets) and log file that shows the failing
requests.

> What needs to be done to be able to get local authentication on the 
> radiator server using AuthBy DBFILE (DB_File)
> 
> The db was built using a plaintext file then converted using the 
> builddbm script.

Did you use the -t option with builddbm? If you did not, then you should
remove "DBType DB_FILE" from the config. By default builddbm creates an
AnyDBM_File which is also the default value for DBType.

> <Handler TunnelledByTTLS=1>
> 
> <AuthBy DBFILE>
>                  Filename /etc/raddb.proxy/dbm/users.db
>                  DBType DB_File

Check if this is really the correct value.

> </AuthBy>

> this gets me to the point of doing the ttls tunnel, then it passes the 
> mschap stuff to the authby dbfile... but I am not sure how to unencrypt 
> the pw to check vs the db file.

If the DBType check does not help, then the problems with the password
check should be visible in the log.

Thanks!
Heikki Vatiainen

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

