Re: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-14 Thread Chuck Phillips 



--On Wednesday, January 02, 2002 2:42 PM -0500 [EMAIL PROTECTED] wrote:

 Brandon Saunders [EMAIL PROTECTED] wrote:
 I am testing my wireless access point against a test freeradius server
 complied with the EAP module.  I am using the UNIX user files as the
 authentication source.  When a client tries to authenticate, the access
 point sends the EAP message encapsulated in RADIUS.

   Right now, the server only supports EAP-MD5.

   You'll have to do PAP authentication to authenticate against
 /etc/passwd.

   If you're using the radius 'users' file, then EAP-MD5 should work.


Could you elaborate on this so that even I can understand? Are you saying
I can use /etc/passwd if I have the users file set up right? Or are you
saying that I have to add each user to the users file individually?


In my Users file I have this:

DEFAULT  Auth-Type := EAP


Here is the debugging output from radiusd:


rad_recv: Access-Request packet from host 129.24.17.184:1338, id=128, length=121
User-Name = chuckp
NAS-IP-Address = cirt-0045.unm.edu
Called-Station-Id = 0040963204c3
Calling-Station-Id = 004096355da6
NAS-Identifier = cirttest
NAS-Port = 29
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = \002%\000\013\001chuckp
Message-Authenticator = 0xf5c85910439187275e1b45b3f892fbb2
modcall: entering group authorize
  modcall[authorize]: module eap returns updated
  modcall[authorize]: module preprocess returns ok
  modcall[authorize]: module suffix returns ok
users: Matched DEFAULT at 1
  modcall[authorize]: module files returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate
rlm_eap: Invalid user, authentication failed
  modcall[authenticate]: module eap returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Login incorrect: [chuckp] (from nas wless port 29 cli 004096355da6)
Sending Access-Reject of id 128 to 129.24.17.185:1338




chuck
[EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-14 Thread aland 

Chuck Phillips [EMAIL PROTECTED] wrote:
If you're using the radius 'users' file, then EAP-MD5 should work.
 
 Could you elaborate on this so that even I can understand? Are you saying
 I can use /etc/passwd if I have the users file set up right?

  No.  You need to supply a plain-text password.

 Or are you saying that I have to add each user to the users file
 individually?

  For now, yes.

 In my Users file I have this:
 
 DEFAULT  Auth-Type := EAP

  And where, exactly is the password that is used for each user to
authenticate?

  You need to supply a plain-text password.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-14 Thread Yuan Yuan 


Now I am working on EAP/TLS intergration with Freeraduis. Would you please 
tell me whether Freeradius support EAP/TLS? 

where can I download the EAP/TLS module? please give me some advice on this.
I really need this information! thank very much!

On Monday 14 January 2002 12:00 pm, you wrote:
 --On Wednesday, January 02, 2002 2:42 PM -0500 [EMAIL PROTECTED] 
wrote:
  Brandon Saunders [EMAIL PROTECTED] wrote:
  I am testing my wireless access point against a test freeradius server
  complied with the EAP module.  I am using the UNIX user files as the
  authentication source.  When a client tries to authenticate, the access
  point sends the EAP message encapsulated in RADIUS.
 
Right now, the server only supports EAP-MD5.
 
You'll have to do PAP authentication to authenticate against
  /etc/passwd.
 
If you're using the radius 'users' file, then EAP-MD5 should work.

 Could you elaborate on this so that even I can understand? Are you saying
 I can use /etc/passwd if I have the users file set up right? Or are you
 saying that I have to add each user to the users file individually?


 In my Users file I have this:

 DEFAULT  Auth-Type := EAP


 Here is the debugging output from radiusd:


 rad_recv: Access-Request packet from host 129.24.17.184:1338, id=128,
 length=121 User-Name = chuckp
 NAS-IP-Address = cirt-0045.unm.edu
 Called-Station-Id = 0040963204c3
 Calling-Station-Id = 004096355da6
 NAS-Identifier = cirttest
 NAS-Port = 29
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 EAP-Message = \002%\000\013\001chuckp
 Message-Authenticator = 0xf5c85910439187275e1b45b3f892fbb2
 modcall: entering group authorize
   modcall[authorize]: module eap returns updated
   modcall[authorize]: module preprocess returns ok
   modcall[authorize]: module suffix returns ok
 users: Matched DEFAULT at 1
   modcall[authorize]: module files returns ok
 modcall: group authorize returns updated
   rad_check_password:  Found Auth-Type EAP
 auth: type EAP
 modcall: entering group authenticate
 rlm_eap: Invalid user, authentication failed
   modcall[authenticate]: module eap returns invalid
 modcall: group authenticate returns invalid
 auth: Failed to validate the user.
 Login incorrect: [chuckp] (from nas wless port 29 cli 004096355da6)
 Sending Access-Reject of id 128 to 129.24.17.185:1338




 chuck
 [EMAIL PROTECTED]


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-14 Thread aland 

Yuan Yuan [EMAIL PROTECTED] wrote:
 Now I am working on EAP/TLS intergration with Freeraduis. Would you please 
 tell me whether Freeradius support EAP/TLS? 

  No, it doesn't.  Sorry.

  As always, patches are welcome.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-14 Thread Yuan Yuan 


but Freeraduis does support EAP, and can be compiled with EAP module, right?


On Monday 14 January 2002 02:11 pm, you wrote:
 Yuan Yuan [EMAIL PROTECTED] wrote:
  Now I am working on EAP/TLS intergration with Freeraduis. Would you
  please tell me whether Freeradius support EAP/TLS?

   No, it doesn't.  Sorry.

   As always, patches are welcome.

   Alan DeKok.

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-14 Thread Yuan Yuan 

oh, Thanks

would you please tell where can I find the EAP-MD5 module? 

On Monday 14 January 2002 02:24 pm, you wrote:
 Yuan Yuan [EMAIL PROTECTED] wrote:
  but Freeraduis does support EAP, and can be compiled with EAP module,
  right?

   Yes.  But right now, it only supports EAP-MD5.

   Alan DeKok.

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-14 Thread 


 I am newcomer to this mailing list.
 I am studying on radius authentication method, and want to know where 
can I find the EAP-MD5 module.
 Now I hope that I can test aboe module.
 Please let me know.

-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-users-
[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, January 15, 2002 4:36 AM
To: [EMAIL PROTECTED]
Subject: Re: EAP/Password File problems - EAP-TTLS - Tru64 


Yuan Yuan [EMAIL PROTECTED] wrote:
 would you please tell where can I find the EAP-MD5 module? 

  Look in the tar file.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html.+-Šwèþ˛±ÊâmïîžË›±Êâmäžzm§ÿðÃëyêÚv+¬¢¸?–+-þë®Èmš

Re: EAP/Password File problems - EAP-TTLS - Tru64

2002-01-02 Thread aland 

Brandon Saunders [EMAIL PROTECTED] wrote:
 I am testing my wireless access point against a test freeradius server 
 complied with the EAP module.  I am using the UNIX user files as the 
 authentication source.  When a client tries to authenticate, the access 
 point sends the EAP message encapsulated in RADIUS.

  Right now, the server only supports EAP-MD5.

  You'll have to do PAP authentication to authenticate against
/etc/passwd.

  If you're using the radius 'users' file, then EAP-MD5 should work.

  The RADIUS server 
 should then do a challenge and respond, but nothing is sent back but and 
 access reject.  Upon looking at the log files, it appears that the server 
 is trying to do the authentication without the password.  I get log lines 
 that look like:
 
 Fri Dec 28 10:51:51 2001 : Auth: Login incorrect: [test/no Password 
 attribute] (from nas HDLwireless port 29 cli 004096501888)

  You haven't configured it to use EAP for authentication.

  Configuring EAP in 'radiusd.conf' *allows* the server to use EAP,
but it does not tell the server which requests get authenticated via
EAP, and which do not.
 
 Anyone have any ideas why the challenge and respond is getting sent back?
 I know EAP support is still in development, could this be a bug?
 Do I have something setup wrong?  I will send out my configuration file if 
 anyone thinks it will be of help.

  Search the list archives for a message on getting EAP working.
 
 I am currently just working with EAP-MD5.  Has anyone considered 
 implementing EAP-TTLS?

  It's a lot of work.

 I am also interested in running freeradius on Alpha/Tru64.  I appears to 
 compile OK, but I am having some linking problems.

  Then do:

./configure --disable-shared

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html