List: freeradius-users
Subject: Re: ntlm_auth: hex decode of 00 failed
From: A.L.M.Buxey () lboro ! ac ! uk
Date: 2015-07-30 20:03:34
Message-ID: 20150730200334.GA9069 () lboro ! ac ! uk
Hi,
> I ultimately want to use FreeRADIUS to authenticate user logins to my Cisco
> infrastructure, VPN connections to my ASA, and MS-PEAP for WiFi. Currently I'm
> just trying to run a test connection from my ASA firewall using the RADIUS test
> built in:
>
> test aaa-server authorization RADIUS host 172.18.2.100 username spickles
yes. that's just a PAP test....so it's not going to work.

you need to validate the system first by using e.g. rad_eap_test, eapol_test or
somesuch locally...from localhost. (eapol_test can use nice config files as per found
in the src/tests directory of freeradius)

once you pass that testing phase, THEN send requests from other boxes. you can
verify local policies by e.g. changing localhost to point to another virtual_server in
clients.conf
> This is expected and the default is then '00' based on the setting 'ntlm_auth :
> EXPAND --challenge=%{%{mschap:Challenge}:-00}'. So I guess at this point I'm
> looking for some guidance on how I can make all of this work because the RADIUS
> test isn't going to send an MS-CHAP challenge. Do I need to modify the ntlm_auth
> configuration to include a 'password' option?
it's a PAP request...for such requests you'll have to have a different configuration -
call another module with a dumber ntlm_auth line....or configure kerberos on the box
and use the krb5 routines.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
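
A sketch of the separate, simpler ntlm_auth module for PAP requests that the reply describes, added here as an illustration and not taken from the thread. It assumes a FreeRADIUS 3.x raddb layout; the ntlm_auth path, MYDOMAIN and the file locations are placeholders to adapt.

```conf
# raddb/mods-available/ntlm_auth  (assumed location; link it into mods-enabled/)
# Exec-based module for PAP only: it hands the cleartext User-Password to
# ntlm_auth, so no MS-CHAP challenge/response is needed and the
# --challenge=%{%{mschap:Challenge}:-00} expansion is never used here.
exec ntlm_auth {
	wait = yes
	program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

# raddb/sites-available/default  (assumed virtual server)
authorize {
	# existing modules stay as they are

	# Select the exec module only when the request carries a PAP password
	# and nothing earlier has already chosen an Auth-Type (e.g. mschap, eap).
	if (!control:Auth-Type && User-Password) {
		update control {
			Auth-Type := ntlm_auth
		}
	}
}

authenticate {
	# PAP requests such as the ASA "test aaa-server" check end up here.
	Auth-Type ntlm_auth {
		ntlm_auth
	}

	# MS-CHAP and PEAP/MSCHAPv2 requests keep using the mschap module,
	# whose own ntlm_auth line carries --challenge and --nt-response.
}
```

With this form the user's password appears in the ntlm_auth process arguments while the helper runs, so limit local shell access on the RADIUS host. Check it from localhost first, as the reply advises, before sending requests from the ASA.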