Fix up FreeRADIUS configs for EAP-PEAP tests
authorNick Porter <nick@portercomputing.co.uk>
Wed, 13 Nov 2024 14:10:34 +0000 (14:10 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Wed, 13 Nov 2024 17:07:47 +0000 (17:07 +0000)
src/tests/eapol_test/config/peap-client-mschapv2/methods-enabled/peap-client-mschapv2 [new file with mode: 0644]
src/tests/eapol_test/config/peap-client-mschapv2/sites-enabled/peap-client-mschapv2 [new file with mode: 0644]
src/tests/eapol_test/config/peap-eap-gtc/methods-enabled/peap-eap-gtc [new file with mode: 0644]
src/tests/eapol_test/config/peap-eap-gtc/sites-enabled/peap-eap-gtc [new file with mode: 0644]
src/tests/eapol_test/config/peap-mschapv2/methods-enabled/peap-mschapv2 [new file with mode: 0644]
src/tests/eapol_test/config/peap-mschapv2/sites-enabled/peap-mschapv2 [new file with mode: 0644]
src/tests/eapol_test/config/peap/methods-enabled/peap [deleted file]

diff --git a/src/tests/eapol_test/config/peap-client-mschapv2/methods-enabled/peap-client-mschapv2 b/src/tests/eapol_test/config/peap-client-mschapv2/methods-enabled/peap-client-mschapv2
new file mode 100644 (file)
index 0000000..793cbc8
--- /dev/null
@@ -0,0 +1,8 @@
+type = peap
+type = mschapv2
+peap {
+       tls = tls-common
+       default_eap_type = mschapv2
+       virtual_server = "inner-tunnel"
+       require_client_certificate = "yes"
+}
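Review bot: The option on the last line of the `peap` block is spelled `require_client_certificate`, while the `peap` file deleted in this same commit documents it as `require_client_cert`. If the module's parser only accepts the older spelling, this test either fails at config load or runs without ever demanding a client certificate and still passes. Please confirm the accepted name against the PEAP module's config table. A case where no client certificate is presented and a reject is expected would show that the requirement is enforced, which a successful handshake alone does not. A one-line comment such as `#  Client must present a certificate in the outer TLS handshake` would also mark what distinguishes this variant from peap-mschapv2.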
diff --git a/src/tests/eapol_test/config/peap-client-mschapv2/sites-enabled/peap-client-mschapv2 b/src/tests/eapol_test/config/peap-client-mschapv2/sites-enabled/peap-client-mschapv2
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}
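Review bot: `&control.Password.Cleartext := &Stripped-User-Name` in `recv Access-Request` sets the known-good password for every inner identity to its own username, and nothing in the file marks this as a test fixture. Add a comment above it, e.g. `#  TEST ONLY: password is set to the stripped username; never copy into a production inner-tunnel`, plus a header comment naming the scenario the file serves. The same line appears in the peap-eap-gtc and peap-mschapv2 sites-enabled files, which carry the same blob id (e699ac7), so the comment belongs there as well, or the three copies could share one file to stop them drifting apart. As a style point, the `recv`/`authenticate`/`send` sections are not indented inside `server inner-tunnel {`, which makes the final closing brace easy to misread.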
diff --git a/src/tests/eapol_test/config/peap-eap-gtc/methods-enabled/peap-eap-gtc b/src/tests/eapol_test/config/peap-eap-gtc/methods-enabled/peap-eap-gtc
new file mode 100644 (file)
index 0000000..3cb5291
--- /dev/null
@@ -0,0 +1,11 @@
+type = peap
+type = gtc
+peap {
+       tls = tls-common
+       default_eap_type = gtc
+       virtual_server = "inner-tunnel"
+}
+gtc {
+       auth_type = pap
+}
+
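Review bot: `auth_type = pap` in the `gtc` block is undocumented, and it appears to depend on the `authenticate pap` section and the `control.Password.Cleartext` assignment in the matching sites-enabled/peap-eap-gtc file. A comment such as `#  GTC response is verified by "authenticate pap" in the inner-tunnel server` would make that cross-file dependency visible to whoever edits either side. The file also ends with an empty added line that can be dropped.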
diff --git a/src/tests/eapol_test/config/peap-eap-gtc/sites-enabled/peap-eap-gtc b/src/tests/eapol_test/config/peap-eap-gtc/sites-enabled/peap-eap-gtc
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}
diff --git a/src/tests/eapol_test/config/peap-mschapv2/methods-enabled/peap-mschapv2 b/src/tests/eapol_test/config/peap-mschapv2/methods-enabled/peap-mschapv2
new file mode 100644 (file)
index 0000000..7503479
--- /dev/null
@@ -0,0 +1,7 @@
+type = peap
+type = mschapv2
+peap {
+       tls = tls-common
+       default_eap_type = mschapv2
+       virtual_server = "inner-tunnel"
+}
diff --git a/src/tests/eapol_test/config/peap-mschapv2/sites-enabled/peap-mschapv2 b/src/tests/eapol_test/config/peap-mschapv2/sites-enabled/peap-mschapv2
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}
diff --git a/src/tests/eapol_test/config/peap/methods-enabled/peap b/src/tests/eapol_test/config/peap/methods-enabled/peap
deleted file mode 100644 (file)
index 73bac2d..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-type = peap
-peap {
-       #  Which tls-config section the TLS negotiation parameters
-       #  are in - see EAP-TLS above for an explanation.
-       #
-       #  In the case that an old configuration from FreeRADIUS
-       #  v2.x is being used, all the options of the tls-config
-       #  section may also appear instead in the 'tls' section
-       #  above. If that is done, the tls= option here (and in
-       #  tls above) MUST be commented out.
-       #
-       tls = tls-common
-
-       #  The tunneled EAP session needs a default
-       #  EAP type which is separate from the one for
-       #  the non-tunneled EAP module.  Inside of the
-       #  PEAP tunnel, we recommend using MS-CHAPv2,
-       #  as that is the default type supported by
-       #  Windows clients.
-       #
-       default_eap_type = mschapv2
-
-       #  When the tunneled session is proxied, the
-       #  home server may not understand EAP-MSCHAP-V2.
-       #  Set this entry to "no" to proxy the tunneled
-       #  EAP-MSCHAP-V2 as normal MSCHAPv2.
-       #
-#      proxy_tunneled_request_as_eap = yes
-
-       #
-       #  The inner tunneled request can be sent
-       #  through a virtual server constructed
-       #  specifically for this purpose.
-       #
-       #  If this entry is commented out, the inner
-       #  tunneled request will be sent through
-       #  the virtual server that processed the
-       #  outer requests.
-       #
-       virtual_server = "inner-tunnel"
-
-       #
-       # Unlike EAP-TLS, PEAP does not require a client certificate.
-       # However, you can require one by setting the following
-       # option. You can also override this option by setting
-       #
-       #       EAP-TLS-Require-Client-Cert = Yes
-       #
-       # in the control items for a request.
-       #
-#      require_client_cert = yes
-}