There are 2 types of EAP authentications that are currently supported by Freeradius
1. EAP-MD5
2. EAP-TLS
The one which you tested is EAP-MD5. It is just similar to CHAP authentication.
It works only with PLAIN TEXT passwords.
So if you have plain text password stored in files,
hello
I don't understand where this restriction comes from. Once the FreeRADIUS server gets the password from the NAS, what prevents it from checking that password against /etc/shadow, PAM, another RADIUS server, or whatever?
In fact, it's not a restriction of freeradius. It's a
On Tue, Apr 02, 2002 at 04:43:43PM -0600, McNutt, Justin M. wrote:
Okay, so the way that Microsoft's RADIUS server gets away with this is due to the
fact that in a Microsoft domain, user names and passwords are not stored using strong
(one-way) encryption. You can decrypt the password file.
McNutt, Justin M. wrote:
Again, same idea. MS uses the repository of password-equivalent strings that are
stored in Active Directory, the NT domain, whatever to compare against the
authentication string provided in the EAP request.
The problem I have with all of this is the fact that
On Tue, Apr 02, 2002 at 05:53:28PM -0600, McNutt, Justin M. wrote:
The problem I have with all of this is the fact that the actual passwords can be
deduced using the cleartext equivalent that MS stores. This is a huge weakness in
NT/2K-based authentication that I was hoping to get around
Okay, new question:
Now that I have the NAS talking to the RADIUS server properly, I need the RADIUS
server to use something other than hard-coded passwords when it authenticates using
Auth-Type := EAP. Here's an example from /usr/local/etc/raddb/users:
gilpina Auth-Type := EAP
McNutt, Justin M. wrote:
Okay, new question:
Now that I have the NAS talking to the RADIUS server properly, I need the RADIUS server to use something other than hard-coded passwords when it authenticates using Auth-Type := EAP. Here's an example from /usr/local/etc/raddb/users:
Hi.
I use "FreeRADIUS Version 0.5, for host i686-pc-linux-gnu, built on Mar 7 2002 at 02:11:01"
I edit the users file as follows.
DEFAULT Auth-Type := EAP
        Fall-Through = 1
Also, I edit radiusd.conf
eap {
default_eap_type = md5
timer_expire =