Re: EAP/Password File problems - EAP-TTLS - Tru64
--On Wednesday, January 02, 2002 2:42 PM -0500 [EMAIL PROTECTED] wrote: Brandon Saunders [EMAIL PROTECTED] wrote: I am testing my wireless access point against a test freeradius server complied with the EAP module. I am using the UNIX user files as the authentication source. When a client tries to authenticate, the access point sends the EAP message encapsulated in RADIUS. Right now, the server only supports EAP-MD5. You'll have to do PAP authentication to authenticate against /etc/passwd. If you're using the radius 'users' file, then EAP-MD5 should work. Could you elaborate on this so that even I can understand? Are you saying I can use /etc/passwd if I have the users file set up right? Or are you saying that I have to add each user to the users file individually? In my Users file I have this: DEFAULT Auth-Type := EAP Here is the debugging output from radiusd: rad_recv: Access-Request packet from host 129.24.17.184:1338, id=128, length=121 User-Name = chuckp NAS-IP-Address = cirt-0045.unm.edu Called-Station-Id = 0040963204c3 Calling-Station-Id = 004096355da6 NAS-Identifier = cirttest NAS-Port = 29 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = \002%\000\013\001chuckp Message-Authenticator = 0xf5c85910439187275e1b45b3f892fbb2 modcall: entering group authorize modcall[authorize]: module eap returns updated modcall[authorize]: module preprocess returns ok modcall[authorize]: module suffix returns ok users: Matched DEFAULT at 1 modcall[authorize]: module files returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate rlm_eap: Invalid user, authentication failed modcall[authenticate]: module eap returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Login incorrect: [chuckp] (from nas wless port 29 cli 004096355da6) Sending Access-Reject of id 128 to 129.24.17.185:1338 chuck [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/Password File problems - EAP-TTLS - Tru64
Chuck Phillips [EMAIL PROTECTED] wrote: If you're using the radius 'users' file, then EAP-MD5 should work. Could you elaborate on this so that even I can understand? Are you saying I can use /etc/passwd if I have the users file set up right? No. You need to supply a plain-text password. Or are you saying that I have to add each user to the users file individually? For now, yes. In my Users file I have this: DEFAULT Auth-Type := EAP And where, exactly is the password that is used for each user to authenticate? You need to supply a plain-text password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/Password File problems - EAP-TTLS - Tru64
Now I am working on EAP/TLS intergration with Freeraduis. Would you please tell me whether Freeradius support EAP/TLS? where can I download the EAP/TLS module? please give me some advice on this. I really need this information! thank very much! On Monday 14 January 2002 12:00 pm, you wrote: --On Wednesday, January 02, 2002 2:42 PM -0500 [EMAIL PROTECTED] wrote: Brandon Saunders [EMAIL PROTECTED] wrote: I am testing my wireless access point against a test freeradius server complied with the EAP module. I am using the UNIX user files as the authentication source. When a client tries to authenticate, the access point sends the EAP message encapsulated in RADIUS. Right now, the server only supports EAP-MD5. You'll have to do PAP authentication to authenticate against /etc/passwd. If you're using the radius 'users' file, then EAP-MD5 should work. Could you elaborate on this so that even I can understand? Are you saying I can use /etc/passwd if I have the users file set up right? Or are you saying that I have to add each user to the users file individually? In my Users file I have this: DEFAULT Auth-Type := EAP Here is the debugging output from radiusd: rad_recv: Access-Request packet from host 129.24.17.184:1338, id=128, length=121 User-Name = chuckp NAS-IP-Address = cirt-0045.unm.edu Called-Station-Id = 0040963204c3 Calling-Station-Id = 004096355da6 NAS-Identifier = cirttest NAS-Port = 29 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = \002%\000\013\001chuckp Message-Authenticator = 0xf5c85910439187275e1b45b3f892fbb2 modcall: entering group authorize modcall[authorize]: module eap returns updated modcall[authorize]: module preprocess returns ok modcall[authorize]: module suffix returns ok users: Matched DEFAULT at 1 modcall[authorize]: module files returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate rlm_eap: Invalid user, authentication failed modcall[authenticate]: module eap returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Login incorrect: [chuckp] (from nas wless port 29 cli 004096355da6) Sending Access-Reject of id 128 to 129.24.17.185:1338 chuck [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/Password File problems - EAP-TTLS - Tru64
Yuan Yuan [EMAIL PROTECTED] wrote: Now I am working on EAP/TLS intergration with Freeraduis. Would you please tell me whether Freeradius support EAP/TLS? No, it doesn't. Sorry. As always, patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/Password File problems - EAP-TTLS - Tru64
but Freeraduis does support EAP, and can be compiled with EAP module, right? On Monday 14 January 2002 02:11 pm, you wrote: Yuan Yuan [EMAIL PROTECTED] wrote: Now I am working on EAP/TLS intergration with Freeraduis. Would you please tell me whether Freeradius support EAP/TLS? No, it doesn't. Sorry. As always, patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/Password File problems - EAP-TTLS - Tru64
oh, Thanks would you please tell where can I find the EAP-MD5 module? On Monday 14 January 2002 02:24 pm, you wrote: Yuan Yuan [EMAIL PROTECTED] wrote: but Freeraduis does support EAP, and can be compiled with EAP module, right? Yes. But right now, it only supports EAP-MD5. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP/Password File problems - EAP-TTLS - Tru64
I am newcomer to this mailing list. I am studying on radius authentication method, and want to know where can I find the EAP-MD5 module. Now I hope that I can test aboe module. Please let me know. -Original Message- From: [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 4:36 AM To: [EMAIL PROTECTED] Subject: Re: EAP/Password File problems - EAP-TTLS - Tru64 Yuan Yuan [EMAIL PROTECTED] wrote: would you please tell where can I find the EAP-MD5 module? Look in the tar file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html.+-wèþ˱Êâmïî˱Êâmäzm§ÿðÃëyêÚv+¬¢¸?+-þë®Èm
Re: EAP/Password File problems - EAP-TTLS - Tru64
Brandon Saunders [EMAIL PROTECTED] wrote: I am testing my wireless access point against a test freeradius server complied with the EAP module. I am using the UNIX user files as the authentication source. When a client tries to authenticate, the access point sends the EAP message encapsulated in RADIUS. Right now, the server only supports EAP-MD5. You'll have to do PAP authentication to authenticate against /etc/passwd. If you're using the radius 'users' file, then EAP-MD5 should work. The RADIUS server should then do a challenge and respond, but nothing is sent back but and access reject. Upon looking at the log files, it appears that the server is trying to do the authentication without the password. I get log lines that look like: Fri Dec 28 10:51:51 2001 : Auth: Login incorrect: [test/no Password attribute] (from nas HDLwireless port 29 cli 004096501888) You haven't configured it to use EAP for authentication. Configuring EAP in 'radiusd.conf' *allows* the server to use EAP, but it does not tell the server which requests get authenticated via EAP, and which do not. Anyone have any ideas why the challenge and respond is getting sent back? I know EAP support is still in development, could this be a bug? Do I have something setup wrong? I will send out my configuration file if anyone thinks it will be of help. Search the list archives for a message on getting EAP working. I am currently just working with EAP-MD5. Has anyone considered implementing EAP-TTLS? It's a lot of work. I am also interested in running freeradius on Alpha/Tru64. I appears to compile OK, but I am having some linking problems. Then do: ./configure --disable-shared Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html