From: Nick Porter Date: Wed, 13 Nov 2024 14:10:34 +0000 (+0000) Subject: Fix up FreeRADIUS configs for EAP-PEAP tests X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9d020acf6e9be3537c6c64be810a8358fe34f6c;p=thirdparty%2Ffreeradius-server.git Fix up FreeRADIUS configs for EAP-PEAP tests --- diff --git a/src/tests/eapol_test/config/peap-client-mschapv2/methods-enabled/peap-client-mschapv2 b/src/tests/eapol_test/config/peap-client-mschapv2/methods-enabled/peap-client-mschapv2 new file mode 100644 index 00000000000..793cbc8cfd3 --- /dev/null +++ b/src/tests/eapol_test/config/peap-client-mschapv2/methods-enabled/peap-client-mschapv2 @@ -0,0 +1,8 @@ +type = peap +type = mschapv2 +peap { + tls = tls-common + default_eap_type = mschapv2 + virtual_server = "inner-tunnel" + require_client_certificate = "yes" +} diff --git a/src/tests/eapol_test/config/peap-client-mschapv2/sites-enabled/peap-client-mschapv2 b/src/tests/eapol_test/config/peap-client-mschapv2/sites-enabled/peap-client-mschapv2 new file mode 100644 index 00000000000..e699ac71633 --- /dev/null +++ b/src/tests/eapol_test/config/peap-client-mschapv2/sites-enabled/peap-client-mschapv2 @@ -0,0 +1,46 @@ +server inner-tunnel { + namespace = radius + +recv Access-Request { + copy_request_to_tunnel + filter_username + filter_inner_identity + + split_username_nai + &control.Password.Cleartext := &Stripped-User-Name + + chap + mschap + eap { + ok = return + } + + files + + pap +} + +authenticate pap { + pap +} + +authenticate chap { + chap +} + +authenticate mschap { + mschap +} + +authenticate eap { + eap +} + +send Access-Accept { + ok +} + +send Access-Reject { + ok +} +} diff --git a/src/tests/eapol_test/config/peap-eap-gtc/methods-enabled/peap-eap-gtc b/src/tests/eapol_test/config/peap-eap-gtc/methods-enabled/peap-eap-gtc new file mode 100644 index 00000000000..3cb52910a1d --- /dev/null +++ b/src/tests/eapol_test/config/peap-eap-gtc/methods-enabled/peap-eap-gtc @@ -0,0 +1,11 @@ +type = peap +type = gtc +peap { + tls = tls-common + default_eap_type = gtc + virtual_server = "inner-tunnel" +} +gtc { + auth_type = pap +} + diff --git a/src/tests/eapol_test/config/peap-eap-gtc/sites-enabled/peap-eap-gtc b/src/tests/eapol_test/config/peap-eap-gtc/sites-enabled/peap-eap-gtc new file mode 100644 index 00000000000..e699ac71633 --- /dev/null +++ b/src/tests/eapol_test/config/peap-eap-gtc/sites-enabled/peap-eap-gtc @@ -0,0 +1,46 @@ +server inner-tunnel { + namespace = radius + +recv Access-Request { + copy_request_to_tunnel + filter_username + filter_inner_identity + + split_username_nai + &control.Password.Cleartext := &Stripped-User-Name + + chap + mschap + eap { + ok = return + } + + files + + pap +} + +authenticate pap { + pap +} + +authenticate chap { + chap +} + +authenticate mschap { + mschap +} + +authenticate eap { + eap +} + +send Access-Accept { + ok +} + +send Access-Reject { + ok +} +} diff --git a/src/tests/eapol_test/config/peap-mschapv2/methods-enabled/peap-mschapv2 b/src/tests/eapol_test/config/peap-mschapv2/methods-enabled/peap-mschapv2 new file mode 100644 index 00000000000..7503479793c --- /dev/null +++ b/src/tests/eapol_test/config/peap-mschapv2/methods-enabled/peap-mschapv2 @@ -0,0 +1,7 @@ +type = peap +type = mschapv2 +peap { + tls = tls-common + default_eap_type = mschapv2 + virtual_server = "inner-tunnel" +} diff --git a/src/tests/eapol_test/config/peap-mschapv2/sites-enabled/peap-mschapv2 b/src/tests/eapol_test/config/peap-mschapv2/sites-enabled/peap-mschapv2 new file mode 100644 index 00000000000..e699ac71633 --- /dev/null +++ b/src/tests/eapol_test/config/peap-mschapv2/sites-enabled/peap-mschapv2 @@ -0,0 +1,46 @@ +server inner-tunnel { + namespace = radius + +recv Access-Request { + copy_request_to_tunnel + filter_username + filter_inner_identity + + split_username_nai + &control.Password.Cleartext := &Stripped-User-Name + + chap + mschap + eap { + ok = return + } + + files + + pap +} + +authenticate pap { + pap +} + +authenticate chap { + chap +} + +authenticate mschap { + mschap +} + +authenticate eap { + eap +} + +send Access-Accept { + ok +} + +send Access-Reject { + ok +} +} diff --git a/src/tests/eapol_test/config/peap/methods-enabled/peap b/src/tests/eapol_test/config/peap/methods-enabled/peap deleted file mode 100644 index 73bac2d3937..00000000000 --- a/src/tests/eapol_test/config/peap/methods-enabled/peap +++ /dev/null @@ -1,52 +0,0 @@ -type = peap -peap { - # Which tls-config section the TLS negotiation parameters - # are in - see EAP-TLS above for an explanation. - # - # In the case that an old configuration from FreeRADIUS - # v2.x is being used, all the options of the tls-config - # section may also appear instead in the 'tls' section - # above. If that is done, the tls= option here (and in - # tls above) MUST be commented out. - # - tls = tls-common - - # The tunneled EAP session needs a default - # EAP type which is separate from the one for - # the non-tunneled EAP module. Inside of the - # PEAP tunnel, we recommend using MS-CHAPv2, - # as that is the default type supported by - # Windows clients. - # - default_eap_type = mschapv2 - - # When the tunneled session is proxied, the - # home server may not understand EAP-MSCHAP-V2. - # Set this entry to "no" to proxy the tunneled - # EAP-MSCHAP-V2 as normal MSCHAPv2. - # -# proxy_tunneled_request_as_eap = yes - - # - # The inner tunneled request can be sent - # through a virtual server constructed - # specifically for this purpose. - # - # If this entry is commented out, the inner - # tunneled request will be sent through - # the virtual server that processed the - # outer requests. - # - virtual_server = "inner-tunnel" - - # - # Unlike EAP-TLS, PEAP does not require a client certificate. - # However, you can require one by setting the following - # option. You can also override this option by setting - # - # EAP-TLS-Require-Client-Cert = Yes - # - # in the control items for a request. - # -# require_client_cert = yes -}