Re: My PPTP+802.1X+MS-CHAP+EAP+OpenLDAP+MySQL Project.

Evan Vittitow wrote:

> I want to secure my Wireless Access points using 802.1X and PEAP, or
> EAP-TLS that are operated by my Cisco Aironet 340. I'm not interested in
> encrypting traffic. I have UDP Protocols like Quake 3 that are degraded

You can't use EAP on any wireless point that I know of *without*
encrypting the data. It wouldn't make any sense.

Anyway...

> by WPA, WEP and IPSec. IPSec may get implemented in due time, but for
> now, thats not on the agenda. My current issue is securing the APs from
> unauthorized access.
>
> My Progess so far:
>
> The issue with the VPNs is that even through Client Side PPP uses
> MS-CHAP, FreeRadius is causing pppd to think its authenticating normal CHAP.
>
> Jan 9 03:09:00 kurama pppd[12373]: Peer User failed CHAP authentication
> rlm_mschap: Found LM-Password
> rlm_mschap: Found NT-Password
> rlm_mschap: No MS-CHAP-Challenge in the request

This is a pppd configuration issue. You need (probably) the following in
/etc/ppp/options.pptpd:

-chap
-mschap
+mschap-v2
require-mppe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html