Re: Error about:rlm_eap_md5: No password configured for this user.
Thanks for the responses to my queries. I have the EAP/MD5 working
with the win2k supplicant across a Nortel BS450 switch.
users.conf:
lunatic Auth-Type := Local, User-Password = test
clients.conf:
client 192.168.17.247 {
secret = test
shortname = bs450_1
nastype = other
}
radius.conf is as in the EAP-MD5 howto, only difference might be I
installed freeradius 0.8.1
I guess my big dissapointent is the user password is in clear text in
the /etc/raddb/users.conf file. Which is just another administrative
task to maintain.
Anyone have ideas/suggestions/experience to utilize an already existing,
perhaps more centralized management for the EAP user/passwords ?
thanks very much.
--
Shawn Adams
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error about:rlm_eap_md5: No password configured for this user.
Freeradius 0.8.1 suse linux 7.3 Using EAP/MD5 from a win2k supplicant, (downloaded from microsoft) the error is as follows: rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 rml_eap_md5: No password configured for this user ... It appears this might be related to the use of encrypted passwords, when MD5 needs cleartext. I've read at least one suggestion to read the EAP-MD5.html howto in the docs directory of freeradius.org, but do not find this. anyone know how to fix the password to cleartext in the radiusd.conf ? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error about:rlm_eap_md5: No password configured for this user.
Shawn Adams [EMAIL PROTECTED] wrote: rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 rml_eap_md5: No password configured for this user ... It appears this might be related to the use of encrypted passwords, when MD5 needs cleartext. Yes. anyone know how to fix the password to cleartext in the radiusd.conf ? You don't. You put the clear text password into the database you're using. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error about:rlm_eap_md5: No password configured for this user.
Alan, thanks for the response. I think my Radius is using the system /etc/passwd, as this is the default. This seems not to be an option, since /etc/passwd is not cleartext. giving the user a specific entry in the users.conf: Auth-Type := Local, User-Password = Hello does not seem to help. Perhaps I'll rephrase the question: What would you recommend as the optimal EAP/MD5 method ? an external file ? thanks Alan DeKok wrote: Shawn Adams [EMAIL PROTECTED] wrote: rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 rml_eap_md5: No password configured for this user ... It appears this might be related to the use of encrypted passwords, when MD5 needs cleartext. Yes. anyone know how to fix the password to cleartext in the radiusd.conf ? You don't. You put the clear text password into the database you're using. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error about:rlm_eap_md5: No password configured for this user.
Shawn Adams [EMAIL PROTECTED] wrote: I think my Radius is using the system /etc/passwd, as this is the default. This seems not to be an option, since /etc/passwd is not cleartext. Exactly. giving the user a specific entry in the users.conf: Auth-Type := Local, User-Password = Hello does not seem to help. Of course. You told it to use 'Local' authentication, not EAP. Change the line to: Auth-Type += Local, User-Password = Hello Then, list the EAP module BEFORE 'files' in the authorize section. If it sees an EAP-Message, then EAP module will add 'Auth-Type := EAP', and the 'files' module will add 'Auth-Type += Local' AFTER that. The EAP will take priority, and it will all work... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error about:rlm_eap_md5: No password configured for this user.
Alan, After making the recommended changes, and commenting everything out of the radiusd.conf, allowing EAP only MD5, and disallowing all other forms of auth: modcall: entering group authorize modcall[authorize]: module preprocess returns ok modcall[authorize]: module eap returns updated rlm_realm: No '@' in User-Name = lunatic, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched DEFAULT at 152 users: Matched lunatic at 156 modcall[authorize]: module files returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 rlm_eap_md5: No password configured for this user modcall[authenticate]: module eap returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.17.247:2048, id=115, length=16 I guess my bigger question: If this method were to work, the admin would have to hard-code user/password into the users.conf. Is there another tried/true method for using some central password facility, LDAP i don't think will work thanks for your interest Alan DeKok wrote: Shawn Adams [EMAIL PROTECTED] wrote: I think my Radius is using the system /etc/passwd, as this is the default. This seems not to be an option, since /etc/passwd is not cleartext. Exactly. giving the user a specific entry in the users.conf: Auth-Type := Local, User-Password = Hello does not seem to help. Of course. You told it to use 'Local' authentication, not EAP. Change the line to: Auth-Type += Local, User-Password = Hello Then, list the EAP module BEFORE 'files' in the authorize section. If it sees an EAP-Message, then EAP module will add 'Auth-Type := EAP', and the 'files' module will add 'Auth-Type += Local' AFTER that. The EAP will take priority, and it will all work... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error about:rlm_eap_md5: No password configured for this user.
hi
i don't know if anybody answered that: try to put the eap module the
last in the authorize section. for the next time, provide complete
server log in debug mode and your user configuration for that special
case, at least of one single user.
see the EAP-MD5.html howto in the docs directory of freeradius.org
ciao
artur
smlin wrote:
Dear all,
I encounter the error message about EAP-MD5 Configuration.
I have no idea about which configuration I'd to modify.
My environment RH8.0+FreeRadius 0.7.1+Cisco 350 AP with MD5 authentication mode only.
Thanks!
Sam Lin
authorize {
preprocess
eap
suffix
files
}
authenticate {
unix
eap
}
--
_
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr Département Informatique et Réseaux
+33 1 45 81 750746, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
