[RADIATOR] Checking multiple passwords for one user with PEAP

Heikki Vatiainen hvn at open.com.au
Thu Apr 10 04:11:37 CDT 2014


On 04/10/2014 12:00 PM, Jan Tomasek wrote:
> On 04/09/2014 06:03 PM, Jan Tomasek wrote:
>> Actual implementation of PEAP in Radiator allows only but maybe it's
>> possible to modify it to support this feature. I've modified
>> AuthLDAP2.pm to pass multiple User-Passwords from LDAP, but I'm unable
>> to locate where in EAP_25.pm passwords are checked. Could someone
>> provide me with pointers?
> 
> Right place to mess with is EAP_26.pm sub response, line 126. :)

Yes, it's EAP-MS-CHAPv2 (EAP 26) in your case. EAP_25.pm just terminates
the TLS tunnel and dispatches the tunnelled requests to the EAP method
that runs inside the tunnel. Many times its 25, but could be for example
EAP-TLS or EAP-GTC too.

Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list