RE: EAP-MD5: Password sources

2002-04-02 Thread McNutt, Justin M.
There are 2 types of EAP authentications that are currently supported by Freeradius: 1. EAP-MD5 2. EAP-TLS. The one which you tested is EAP-md5. It is just similar to CHAP authentication. It works only with PLAIN TEXT passwords. So if you have plain text password stored in files,

Re: EAP-MD5: Password sources

2002-04-02 Thread Artur Hecker
hello I don't understand where this restriction comes from. Once the FreeRADIUS server gets the password from the NAS, what prevents it from checking that password against /etc/shadow, PAM, another RADIUS server, or whatever? in fact, it's not a restriction of freeradius. it's a

Re: FW: EAP-MD5: Password sources

2002-04-02 Thread Frank Cusack
On Tue, Apr 02, 2002 at 04:43:43PM -0600, McNutt, Justin M. wrote: Okay, so the way that Microsoft's RADIUS server gets away with this is due to the fact that in a Microsoft domain, user names and passwords are not stored using strong (one-way) encryption. You can decrypt the password file.

Re: FW: EAP-MD5: Password sources

2002-04-02 Thread Raghu
McNutt, Justin M. wrote: Again, same idea. MS uses the repository of password-equivalent strings that are stored in Active Directory, the NT domain, whatever to compare against the authentication string provided in the EAP request. The problem I have with all of this is the fact that

Re: FW: EAP-MD5: Password sources

2002-04-02 Thread Frank Cusack
On Tue, Apr 02, 2002 at 05:53:28PM -0600, McNutt, Justin M. wrote: The problem I have with all of this is the fact that the actual passwords can be deduced using the cleartext equivalent that MS stores. This is a huge weakness in NT/2K-based authentication that I was hoping to get around

EAP-MD5: Password sources

2002-04-01 Thread McNutt, Justin M.
Okay, new question: Now that I have the NAS talking to the RADIUS server properly, I need the RADIUS server to use something other than hard-coded passwords when it authenticates using Auth-Type := EAP. Here's an example from /usr/local/etc/raddb/users: gilpina Auth-Type := EAP

Re: EAP-MD5: Password sources

2002-04-01 Thread Raghu
McNutt, Justin M. wrote: Okay, new question: Now that I have the NAS talking to the RADIUS server properly, I need the RADIUS server to use something other than hard-coded passwords when it authenticates using Auth-Type := EAP. Here's an example from /usr/local/etc/raddb/users:

EAP-MD5/Password

2002-03-07 Thread 김영민
Hi. I use "FreeRADIUS Version 0.5, for host i686-pc-linux-gnu, built on Mar 7 2002 at 02:11:01" I edit users file the following. DEFAULT Auth-Type := EAP Fall-Through = 1 Also, I edit radiusd.conf eap { default_eap_type = md5 timer_expire =