Hello all, I'm trying to set up my network switches to authenticate to my freeradius server and allow access based on their system password. It works if I add a test user to 'users' with a plaintext password. However, since the system password is encrypted, there's no way to use md5. I suppose this is where TLS comes in, but I've found it doesn't work:

rad_recv: Access-Request packet from host 130.203.x.x:2050, id=56, length=104
        User-Name = "nate"
        NAS-Port = 305
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 130.203.x.x
        Service-Type = Framed-User
        Framed-MTU = 1024
        Calling-Station-Id = "00-0A-95-BC-9E-C6"
        EAP-Message = 0x02360009016e617465
        Message-Authenticator = 0x4b00ef6de3685827fd57934007877a0c
modcall: entering group authorize
  rlm_eap: EAP packet type notification id 54 length 9
  rlm_eap: EAP Start not found
  modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 54 length 9
  rlm_eap: EAP Start not found
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [nate] (from client 3com port 305 cli 00-0A-95-BC-9E-C6)
Sending Access-Challenge of id 56 to 130.203.126.22:2050
        EAP-Message = 0x013700060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x20176ed82e3445ac575b0435ee536df8400ee093bad82b882a262918ab06f774ddfb2a94

This seems to indicate that rlm_eap_tls is failing? Is there any indication why?

--nate
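
The two EAP-Message values in the debug output above can be decoded by hand. This is an added example, not part of the original post: a small parser for the EAP header (RFC 3748) and the EAP-TLS flags octet (RFC 5216), with hypothetical function and table names.

```python
import struct

# EAP codes and a few method types (RFC 3748); type 13 is EAP-TLS (RFC 5216).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 13: "EAP-TLS"}
# EAP-TLS flags octet: Length included, More fragments, Start.
TLS_FLAGS = {0x80: "L", 0x40: "M", 0x20: "S"}


def decode_eap(hexstr):
    """Decode one EAP-Message value as printed in the server debug log."""
    if hexstr.lower().startswith("0x"):
        hexstr = hexstr[2:]
    raw = bytes.fromhex(hexstr)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # Large EAP packets are split over several EAP-Message attributes;
        # this example only handles a packet that fits in one attribute.
        raise ValueError("EAP length field does not match attribute size")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:      # only Request/Response carry a Type
        etype, data = raw[4], raw[5:]
        out["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            out["identity"] = data.decode("utf-8", "replace")
        elif etype == 13 and data:
            out["tls_flags"] = "".join(
                name for bit, name in TLS_FLAGS.items() if data[0] & bit)
    return out


# The two values copied from the debug output above.
FROM_SWITCH = decode_eap("0x02360009016e617465")
FROM_SERVER = decode_eap("0x013700060d20")

if __name__ == "__main__":
    print("switch -> server:", FROM_SWITCH)
    print("server -> switch:", FROM_SERVER)
```

The switch's packet decodes as an Identity Response carrying "nate", and the server's Access-Challenge carries an EAP Request of type EAP-TLS with only the S (Start) flag set.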