Hello all,

I'm trying to set up my network switches to authenticate to my
freeradius server and allow access based on their system password.  It
works if I add a test user to 'users' with a plaintext password.
However, since the system password is encrypted, there's no way to use
md5.  I suppose this is where TLS comes in, but I've found it doesn't
work:

rad_recv: Access-Request packet from host 130.203.x.x:2050, id=56, length=104
        User-Name = "nate"
        NAS-Port = 305
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 130.203.x.x
        Service-Type = Framed-User
        Framed-MTU = 1024
        Calling-Station-Id = "00-0A-95-BC-9E-C6"
        EAP-Message = 0x02360009016e617465
        Message-Authenticator = 0x4b00ef6de3685827fd57934007877a0c
modcall: entering group authorize
  rlm_eap: EAP packet type notification id 54 length 9
  rlm_eap: EAP Start not found
  modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 54 length 9
  rlm_eap: EAP Start not found
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [nate] (from client 3com port 305 cli 00-0A-95-BC-9E-C6)
Sending Access-Challenge of id 56 to 130.203.126.22:2050
        EAP-Message = 0x013700060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x20176ed82e3445ac575b0435ee536df8400ee093bad82b882a262918ab06f774ddfb2a94

This seems to indicate that rlm_eap_tls is failing?  Is there any
indication why?

--nate
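
Added example, not part of the original post: a small Python decoder for the two EAP-Message values in the debug output above, using the EAP header layout from RFC 3748 and the EAP-TLS flag bits from RFC 5216. The function and table names are this example's own; the hex strings are copied from the log. The Access-Request value decodes to an Identity response for "nate", and the Access-Challenge value to an EAP-TLS request with only the Start flag set.

```python
import struct

# EAP codes and method types (RFC 3748); type 13 is EAP-TLS (RFC 5216).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 13: "EAP-TLS"}
# Flag bits in the first byte of EAP-TLS data (RFC 5216, section 3.1).
TLS_FLAGS = ((0x80, "length-included"), (0x40, "more-fragments"), (0x20, "start"))


def parse_eap(hex_value):
    """Decode one EAP-Message attribute value as printed in the debug log."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a Type byte
        eap_type = raw[4]
        body = raw[5:length]
        pkt["type"] = EAP_TYPES.get(eap_type, f"type-{eap_type}")
        if eap_type == 1:
            pkt["identity"] = body.decode("utf-8", errors="replace")
        elif eap_type == 13 and body:
            pkt["tls_flags"] = [name for bit, name in TLS_FLAGS if body[0] & bit]
            pkt["tls_data_len"] = len(body) - 1
    return pkt


# The two EAP-Message values from the debug output in the post.
LOG_MESSAGES = {
    "Access-Request": "0x02360009016e617465",
    "Access-Challenge": "0x013700060d20",
}

if __name__ == "__main__":
    for packet, value in LOG_MESSAGES.items():
        print(packet, parse_eap(value))
```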
