This is a discussion on Support of MSCHAPV2 over EAP-TTLS within the FreeRADIUS Users forums, part of the Networking and Network Related category.
Hi All,

I am using FreeRADIUS version 1.1.3 for EAP-TTLS testing. I am testing for EAP-TTLS with tunneled authentication type as MSCHAPV2.

I suspect it fails, because it sends back Access-Accept instead of sending back the MS-CHAP2-Success encrypted over TLS protocol. Please find the trace below.

    Processing the authenticate section of radiusd.conf
    modcall: entering group MS-CHAP for request 5
    rlm_mschap: Told to do MS-CHAPv2 for tls_user with NT-Password
    rlm_mschap: adding MS-CHAPv2 MPPE keys
    modcall[authenticate]: module "mschap" returns ok for request 5
    modcall: leaving group MS-CHAP (returns ok) for request 5
    TTLS: Got tunneled Access-Accept
    rlm_eap: Freeing handler
    modcall[authenticate]: module "eap" returns ok for request 5
    modcall: leaving group authenticate (returns ok) for request 5
    Sending Access-Accept of id 5 to 218.248.72.239 port 24208
        Framed-Protocol = PPP
        MS-MPPE-Recv-Key = 0x743666c3df3bcb2c33c6e8a1d42bda70dc9417671f812caca0bbf9ebf37a5a0f
        MS-MPPE-Send-Key = 0x18c4e67813c594ae18a1aeaf62443a46e380e16c6bdd4cfecbe57168424c53a2
        EAP-Message = 0x03060004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "tls_user"
    Finished request 5

Does this version of FreeRADIUS support MSCHAPV2 over EAP-TTLS? If yes, how to configure the same?

Thanks in advance
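Added example, not part of the original post: a small decoder for the `EAP-Message` attribute printed in the trace above, using the EAP header layout from RFC 3748 (code, identifier, length, then a method type on requests and responses). The function names and the shortened copy of the trace are constructed for illustration; several `EAP-Message` lines in one packet are concatenated before decoding, since RADIUS splits long EAP packets across attributes.

```python
import re
import struct

# EAP codes and a few method types (RFC 3748 and the IANA EAP registry)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS",
             25: "PEAP", 26: "EAP-MSCHAPv2"}

# Constructed sample: lines copied from the trace in the post, shortened
TRACE = """\
Sending Access-Accept of id 5 to 218.248.72.239 port 24208
    Framed-Protocol = PPP
    EAP-Message = 0x03060004
    User-Name = "tls_user"
Finished request 5
"""

def decode_eap(hex_value):
    """Decode the EAP header: code (1 byte), identifier (1), length (2)."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("length field %d, bytes present %d" % (length, len(raw)))
    info = {"code": EAP_CODES.get(code, "unknown(%d)" % code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a Type byte
        info["type"] = EAP_TYPES.get(raw[4], "unknown(%d)" % raw[4])
    return info

def summarize(trace):
    """Return one entry per sent RADIUS packet with its decoded EAP-Message."""
    packets = []
    for line in trace.splitlines():
        text = line.strip()
        sent = re.match(r"Sending (Access-\w+) of id (\d+)", text)
        attr = re.match(r"EAP-Message = 0x([0-9a-fA-F]+)$", text)
        if sent:
            packets.append({"packet": sent.group(1), "radius_id": int(sent.group(2)), "eap_hex": ""})
        elif attr and packets:
            packets[-1]["eap_hex"] += attr.group(1)  # join fragments in order
    for p in packets:
        hex_value = p.pop("eap_hex")
        p["eap"] = decode_eap(hex_value) if hex_value else None
    return packets

if __name__ == "__main__":
    print(summarize(TRACE))
```

For the value in the post, `0x03060004` decodes to EAP code 3 (Success), identifier 6, length 4.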