|
							- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 
- "http://www.w3.org/TR/html4/loose.dtd">
 
- <html>
 
- <head>
 
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
 
- <title>Poptop MSCHAP2 ADS Howto</title>
 
- </head>
 
- <body>
 
- <p><strong>A6. Configure Freeradius for MSCHAPv2 on Fedora 4 / 5 / 6<br>
 
- </strong>(last update: 19 May 2007) </p>
 
-  
 
- <p>Edit /etc/raddb/radiusd.conf to enable MSCHAPv2. Open the file, locate the modules section, and then the mschap subsection within it.</p>
 
- <blockquote>
 
-   <pre>modules {<br>
 
-         ....[snip]....<br>
 
-         mschap {
 
-                 authtype = MS-CHAP
 
-                 use_mppe = yes
 
-                 require_encryption = yes
 
-                 require_strong = yes
 
-                 ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br>        }<br>
 
-         ....[snip]....<br>
 
- }</pre>
 
- </blockquote>
 
- <p>The mschap entry in the authorize and authenticate sections is enabled by default. If it is not enabled in either section, enable it there. Save the file. </p>
 
- <p>The RADIUS server and its clients share a secret key that protects the packets exchanged between them. The default key for FreeRADIUS is testing123. Change it, because the default is publicly known and therefore no longer a secret. The key is set in /etc/raddb/clients.conf. </p>
 
- <blockquote>
 
-   <pre>client 127.0.0.1 {<br>        #<br>        #  The shared secret use to "encrypt" and "sign" packets between<br>        #  the NAS and FreeRADIUS.  You MUST change this secret from the<br>        #  default, otherwise it's not a secret any more!<br>        #<br>        #  The secret can be any string, up to 32 characters in length.<br>        #<br>        secret          = testing123 
 
-         ....[snip]....
 
- </pre>
 
- </blockquote>
 
- <p><strong>Note</strong>: if you change the secret key, you must also update /etc/radiusclient/servers so that the two files carry the same key. </p>
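
- <p>The check below is an added example, not part of the original howto: it reports whether the client secret is still the default testing123 and whether it matches the radiusclient servers file. The function names, the "SERVER SECRET" line format assumed for the servers file and the sample files are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the howto): audit the RADIUS shared secret.
# Assumed formats: "secret = VALUE" inside a client block in clients.conf,
# and "SERVER SECRET" per line in the radiusclient servers file.

# Print the secret of one client block. $1 = clients.conf, $2 = client name
client_secret() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                       # ignore comment lines
        $1 == "client" && $2 == want { inblk = 1; next }
        inblk && $1 == "}" { exit }               # end of that client block
        inblk && /^[ \t]*secret[ \t]*=/ {
            sub(/^[ \t]*secret[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# Print the secret listed for one server. $1 = servers file, $2 = server name
server_secret() {
    awk -v want="$2" '/^[ \t]*#/ { next } $1 == want { print $2; exit }' "$1"
}

# Report DEFAULT, MISMATCH, MISSING or OK without echoing the secret itself.
# $1 = clients.conf, $2 = servers file, $3 = client name, $4 = server name
audit_secret() {
    c=$(client_secret "$1" "$3"); s=$(server_secret "$2" "$4")
    if [ -z "$c" ] || [ -z "$s" ]; then echo MISSING; return 2; fi
    if [ "$c" = "testing123" ]; then echo DEFAULT; return 1; fi
    if [ "$c" != "$s" ]; then echo MISMATCH; return 1; fi
    echo OK
}

# Constructed sample files, so the check runs without touching /etc.
demo=$(mktemp -d)
printf 'client 127.0.0.1 {\n\t# comment\n\tsecret = testing123 \n}\n' > "$demo/clients.conf"
printf '# server  key\nlocalhost  testing123\n' > "$demo/servers"
audit_secret "$demo/clients.conf" "$demo/servers" 127.0.0.1 localhost || true
rm -rf "$demo"
```

- <p>On the server itself, call audit_secret with /etc/raddb/clients.conf and /etc/radiusclient/servers as the first two arguments; the server name localhost used above is an assumption and should be whatever name your servers file lists.</p>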
 
- <hr>
 
- <a href="poptop_ads_howto_a5.htm">Previous</a>  <a href="poptop_ads_howto_1.htm#toc">Content</a>
 
- <p>  </p>
 
- </body>
 
- </html>
 
 
  |