LEAP

2003-03-26 Thread Margrete Raaum

We have configured freeradius-snapshot-20030310 with LEAP and using
Cisco Aironet 350. We've done some modification, and we're using rlm_smb
to authorize and read the NThash from /etc/smbpasswd.

The first time a user logs on, it works. If we reset the 802.11 card and
try to log on, it fails in LEAP stage 4 (memcmp(local,packet)). We are
not sure, but it seems like we can log on after a while. If we change
the random challenge string to a static string, it works as expected.
Is it possible that there is a problem with cleanup from an earlier
logon session??? (We may have done something stupid in our
modification of the program.)

Margrete





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


MD5 passwd encryption (was Re: Error about:rlm_eap_md5)

2003-01-10 Thread Margrete Raaum
On Tue, 7 Jan 2003, Shawn Adams wrote:

I guess my big disappointment is the user password is in clear text in
the /etc/raddb/users.conf file. Which is just another administrative
task to maintain.

We are migrating to LDAP. I am trying to get EAP/MD5 to work with LDAP.
Of course there are no clear text passwords in the LDAP base as that would
result in clear text passwords across the network; they are MD5-encrypted.
The passwords don't really have to be in clear text, do they?

Margrete



dial-up access

2002-08-14 Thread Margrete Raaum


This is probably a very stupid question, but here goes.

I use freeradius to authenticate both for logging onto routers and
lockkey.

I tried to set up freeradius to authenticate our dialup service (ISDN,
Cisco 3640 12.2(5a)), but how do I let in these users without allowing
them access to the router?

The simplest form:  DEFAULT Auth-Type := System will let the users log
onto the router too. I have tried several ways, but as I don't have a
separate system to test on, I don't want to bother the users too much :)

Margrete








Cisco, MD5, Windows XP

2002-05-24 Thread Margrete Raaum


We have the following:

Win XP - Cisco 2950 - Solaris/Freeradius

Freeradius authenticates using Unix PW, and we are trying to make
the Cisco 2950 authenticate the XP user who is using MD5.
Has anybody done this? I would appreciate some help.

In users we have tried:


myuser  Auth-Type := EAP, User-Password == youwish
        Fall-Through = Yes

myuser  Auth-Type := local, User-Password == youwish
        Fall-Through = Yes

and

myuser  Auth-Type := System
        Fall-Through = Yes

In radiusd.conf we have default_eap_type = md5

Example of failure:

Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.10.10:1812, id=17, length=102
NAS-IP-Address = 10.10.10.10
NAS-Port = 50001
NAS-Port-Type = Ethernet
User-Name = myuser
Calling-Station-Id = 00-06-5B-AA-A6-##
Service-Type = Framed-User
EAP-Message = \002\002\000\013\001myuser
Message-Authenticator = 0x93d0544093fbe6803415e666a485dd68
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
  modcall[authorize]: module eap returns updated
  modcall[authorize]: module suffix returns ok
users: Matched mraaum at 152
users: Matched DEFAULT at 215
  modcall[authorize]: module files returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Sending Access-Reject of id 17 to 10.10.10.10:1812


Margrete
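
Added example (not part of the original posts and not FreeRADIUS code): it decodes the EAP-Message from the debug output above, which is an EAP-Response/Identity carrying no password, and uses a constructed challenge to show what an EAP-MD5 server has to store in order to check a response, the point behind the 2003-01-10 question. The function names, the challenge bytes and the reuse of `youwish` as the sample secret are assumptions made for illustration.

```python
import hashlib, hmac, re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 17: "LEAP"}

def unescape_debug(value: str) -> bytes:
    """Undo the \\ooo octal escaping used in the debug output above."""
    return re.sub(rb"\\([0-7]{3})", lambda m: bytes([int(m.group(1), 8)]),
                  value.encode("latin-1"))

def parse_eap(raw: bytes) -> dict:
    """Split an EAP packet (RFC 3748) into code, id, length, type, data."""
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    length = int.from_bytes(raw[2:4], "big")
    if not 4 <= length <= len(raw):
        raise ValueError("EAP length field does not match the attribute")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length}
    if raw[0] in (1, 2) and length >= 5:   # only Request/Response carry a Type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:length]
    return pkt

def md5_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response value, computed as in CHAP (RFC 1994)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_md5_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """What the supplicant sends: Type 4, Value-Size, Value."""
    value = md5_value(ident, secret, challenge)
    body = bytes([4, len(value)]) + value
    return bytes([2, ident]) + (4 + len(body)).to_bytes(2, "big") + body

def server_accepts(raw: bytes, stored: bytes, challenge: bytes) -> bool:
    """Recompute the value from whatever the server has stored and compare."""
    pkt = parse_eap(raw)
    if pkt.get("type") != "MD5-Challenge" or not pkt["data"]:
        return False
    value = pkt["data"][1:1 + pkt["data"][0]]
    return hmac.compare_digest(value, md5_value(pkt["id"], stored, challenge))

LOGGED = r"\002\002\000\013\001myuser"       # EAP-Message from the debug output
CHALLENGE = bytes(range(16))                 # constructed sample challenge
PASSWORD = b"youwish"                        # placeholder from the users entries
STORED_HASH = hashlib.md5(PASSWORD).digest() # what an MD5-only directory holds

if __name__ == "__main__":
    print(parse_eap(unescape_debug(LOGGED)))
    resp = build_md5_response(3, PASSWORD, CHALLENGE)
    print("clear text stored:", server_accepts(resp, PASSWORD, CHALLENGE))
    print("MD5 hash stored:  ", server_accepts(resp, STORED_HASH, CHALLENGE))
```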

