Min Qiu [EMAIL PROTECTED] wrote:
However, cut and paste the crypted password from /etc/shadow to
the entry failed:
mqiu Auth-Type := Local, User-Password ==
$1$CWOjXm2v$dzjrc385t1iQXMN0
UseL Crypt-Password := $1$CWOjXm...
I'm using PEAP/MS-CHAPv2 for authentication. In the users file I only
got the login name and a clear-text password.
I really want to start using Crypt-Password, but didn't quite get that
to work.
Do I understand it correctly that you only need to take your standard unix
password from /etc/shadow and use that in users with Crypt-Password?
# more /etc/shadow
tom:jYyrl:13112::
In users file I got:
tom Crypt-Password := jYyrl
I didn't get that to work.
What am I missing here? Couldn't really find much info on it out there.
This is the debug log I got:
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=120,
length=126
User-Name = tom
Framed-MTU = 1400
Called-Station-Id = 000e.8401.cd50
Calling-Station-Id = 0015.0015.adaa
Message-Authenticator = 0xca4c7181b9338edb3e176297682f33f7
EAP-Message = 0x0201000801746f6d
NAS-Port-Type = Wireless-802.11
NAS-Port = 268
Service-Type = Framed-User
NAS-IP-Address = 192.168.2.4
NAS-Identifier = AP1100-D2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
modcall[authorize]: module preprocess returns ok for request 16
modcall[authorize]: module mschap returns noop for request 16
rlm_realm: No '@' in User-Name = tom, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 16
rlm_eap: EAP packet type response id 1 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 16
users: Matched entry tom at line 91
modcall[authorize]: module files returns ok for request 16
modcall: group authorize returns updated for request 16
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module eap returns handled for request 16
modcall: group authenticate returns handled for request 16
Sending Access-Challenge of id 120 to 192.168.2.4:21654
EAP-Message = 0x010200061920
Message-Authenticator = 0x
State = 0x01f769bbe79093c3c406a98a01294187
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=121,
length=238
User-Name = tom
Framed-MTU = 1400
Called-Station-Id = 000e.8401.cd50
Calling-Station-Id = 0015.0015.adaa
Message-Authenticator = 0xcccf1d38bc8d263feddbb303acbdcb41
EAP-Message =
0x020200661900160301005b0157030143da12d4d113043b760adb7ce542b365f5d8
806e659d5eb591e677044dd072b03000390038003500160013000a00330032002f00
66000500040065006400630062006000150012000900140011000800030100
NAS-Port-Type = Wireless-802.11
NAS-Port = 268
State = 0x01f769bbe79093c3c406a98a01294187
Service-Type = Framed-User
NAS-IP-Address = 192.168.2.4
NAS-Identifier = AP1100-D2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
modcall[authorize]: module preprocess returns ok for request 17
modcall[authorize]: module mschap returns noop for request 17
rlm_realm: No '@' in User-Name = tom, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 17
rlm_eap: EAP packet type response id 2 length 102
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 17
users: Matched entry tom at line 91
modcall[authorize]: module files returns ok for request 17
modcall: group authorize returns updated for request 17
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: TLS 1.0 Handshake [length 0654], Certificate
TLS_accept: