I am working with freeradius-snapshot-20040601 on FreeBSD 5.2.1 This problem has been on the list several times but it seems the resolution was never clear to me on passing the User-Password to the EAP module. Other than making sure I have a userPassword from LDAP in clear text, which I do, I am at a loss of how to proceed.
Everything works fine through receiving the Access-Request, finding items in LDAP, matching in the users file and sending the Access-Challenge. Another Access-Request packet is received. LDAP and the users file are once again processed but now EAP complains that "User-Password is required for EAP-MD5 authentication". I get the same results whether using a WinXP supplicant or radeapclient. The exchange of packets from radeapclient are enclose below. I've tried to follow the documentation and understand the processing. I've overlooked something simple, what is it? Zoltan __________________________ %radeapclient -x localhost auth testing123 < req.txt +++> About to send encoded packet: User-Name = "m0999999" User-Password = "test123" EAP-MD5-Password = "test123" NAS-IP-Address = 147.133.230.16 EAP-Code = Response EAP-Id = 210 EAP-Type-Identity = "m0999999" Message-Authenticator = 0x00 NAS-Port = 0 lt-radeapclient in free(): warning: modified (chunk-) pointer Sending Access-Request of id 96 to 127.0.0.1:1812 User-Name = "m0999999" User-Password = "test123" NAS-IP-Address = 147.133.230.16 Message-Authenticator = 0x00000000000000000000000000000000 NAS-Port = 0 EAP-Message = 0x02d2000d016d30393939393939 rad_recv: Access-Challenge packet from host 127.0.0.1:1812, id=96, length=123 Filter-Id = "Enterasys:version=1:mgmt=:policy=Employee" EAP-Message = 0x01d300160410f04c4ba33e9d9f3aca9af78b81f64a68 Message-Authenticator = 0x662e7992eeca12aa06d14b8a6b052c23 State = 0xe644a9cda29ed90a30f86689aad948b0 <+++ EAP decoded packet: Filter-Id = "Enterasys:version=1:mgmt=:policy=Employee" EAP-Message = 0x01d300160410f04c4ba33e9d9f3aca9af78b81f64a68 Message-Authenticator = 0x662e7992eeca12aa06d14b8a6b052c23 State = 0xe644a9cda29ed90a30f86689aad948b0 EAP-Id = 211 EAP-Code = Request EAP-Type-MD5 = 0x10f04c4ba33e9d9f3aca9af78b81f64a68 +++> About to send encoded packet: User-Name = "m0999999" User-Password = "\254\357\345\026\203Zbc\225\344c)!\215\250[" EAP-MD5-Password = "test123" NAS-IP-Address = 147.133.230.16 EAP-Code = Response EAP-Id = 211 Message-Authenticator = 0x00000000000000000000000000000000 NAS-Port = 0 EAP-Type-MD5 = 0x10e6f368a0522d75a7a9bf169976998e6f State = 0xe644a9cda29ed90a30f86689aad948b0 lt-radeapclient in free(): warning: modified (chunk-) pointer Sending Access-Request of id 97 to 127.0.0.1:1812 User-Name = "m0999999" User-Password = "test123" NAS-IP-Address = 147.133.230.16 Message-Authenticator = 0x00000000000000000000000000000000 NAS-Port = 0 State = 0xe644a9cda29ed90a30f86689aad948b0 EAP-Message = 0x02d300160410e6f368a0522d75a7a9bf169976998e6f Re-sending Access-Request of id 97 to 127.0.0.1:1812 User-Name = "m0999999" User-Password = "\312Y\007h\267\351\340^m\031*B\232\344\344\032" EAP-MD5-Password = "test123" NAS-IP-Address = 147.133.230.16 EAP-Code = Response EAP-Id = 211 Message-Authenticator = 0x00000000000000000000000000000000 NAS-Port = 0 EAP-Type-MD5 = 0x10e6f368a0522d75a7a9bf169976998e6f State = 0xe644a9cda29ed90a30f86689aad948b0 EAP-Message = 0x02d300160410e6f368a0522d75a7a9bf169976998e6f rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=97, length=44 EAP-Message = 0x04d30004 Message-Authenticator = 0xca6ae166c955cb1aaf29ea1bdd5e823b <+++ EAP decoded packet: EAP-Message = 0x04d30004 Message-Authenticator = 0xca6ae166c955cb1aaf29ea1bdd5e823b EAP-Id = 211 EAP-Code = Failure - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html