Hi all,
You are right Guy, Aoun confused between supplicant and authenticator.
Yesterday I've given the EAP md5 conf for "xsupplicant.conf" wich is the
file config of the user and not the freeradius server, in freeradius for
the simplest config you can let the radiusd.conf as default, just edit
"users" file and "clients.conf" file.
I give the conf one more time and it works on my side:
Xsupplicant.conf, but I think all user soft need the same parameters
because the radius server wait for this informations :
mynetwork {
allow_types = eap_md5
identity = <BEGIN_ID>login<END_ID> #Identification
eap-md5 {
username = <BEGIN_UNAME>login<END_UNAME> # Authentication
password = <BEGIN_PASS>password<END_PASS>
}
}
Now, you need to configure your Freeradius "users" file :
radiustestor Auth-Type := EAP, User-Password == "password"
Service-Type = Framed-User.
Aoun, If you're switch is well configured, it works perfect, dont forget
the secret key in radius entry on your switch and in the clients.conf on
the radiusserver. If you have more questions, try to ask questions step by
step. User config/switch config/Freeradius server config.
Keep Hope
Fred
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Alan,
>
> I suspect that Aoun is using xsupplicant. The format he's described is
> actually consistant with xsupplicant.conf for the latest CVS version.
>
> If I'm correct, then this configuration is actually on his laptop, not in
> radius.conf. If it is in radius.conf, then I've no idea what he's doing
> ;-)
>
> Regards,
>
> Guy
>
>> -----Original Message-----
>> From: Alan DeKok [mailto:[EMAIL PROTECTED]
>> Sent: 07 April 2004 19:30
>> To: [EMAIL PROTECTED]
>> Subject: Re: 802.1x port authentication with Freeradius
>>
>>
>> Aoun Shah <[EMAIL PROTECTED]> wrote:
>> > on the raduis server I have this entries in radius.conf file
>> >
>> > eap {
>> >
>> > md5 {
>> > username =
>> <BEGIN_UNAME>radiuser11<END_UNAME>
>> > password = <BEGIN_PASS> radiuser11<END_PASS>
>>
>> I don't see why you're putting a username & password into the md5
>> configuration. Nothing in the server leads you to believe that does
>> anything.
>>
>> > with the above all given entries I am able to get the
>> following result.
>> >
>> > 18:11:19.828169 129.69.1.50.radius >
>> testserv.rus.uni-stuttgart.de.radius: rad-access-req 104 [id
>> 49] Attr[ NAS_ipaddr{129.69.1.50} NAS_port_type{Async}
>> User{radiuser11} Service_type{Framed}
>> Framed_mtu{1500}(zero-length attribute)
>> >
>>
>> TCPdump is useless for debugging the servers configuration. See the
>> FAQ & README's for instructions on running in debugging mode.
>>
>> Alan Dekok.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
>
> iQA/AwUBQHRSS43dwu/Ss2PCEQKKZQCg4tAJKd5abkFmOShSfrFZ0spUyx0An2zc
> 6+0gxWwIltqbSHDzeHjyWE6p
> =cpTE
> -----END PGP SIGNATURE-----
>
> Visit us at InfoSecurity - The largest security fair in the world!
> 27th - 29th April 2004
> London Olympia
> Stand no. 130
>
> Get your free tickets on www.telindus.co.uk
>
> This e-mail is private and may be confidential and is for the intended
> recipient only. If misdirected, please notify us by telephone and confirm
> that it has been deleted from your system and any copies destroyed. If
> you
> are not the intended recipient you are strictly prohibited from using,
> printing, copying, distributing or disseminating this e-mail or any
> information contained in it. We use reasonable endeavours to virus scan
> all
> e-mails leaving the Company but no warranty is given that this e-mail and
> any attachments are virus free. You should undertake your own virus
> checking. The right to monitor e-mail communications through our network
> is
> reserved by us.
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
