Hi Ivan,
Thanks a lot for the guidance. I rectified the problem. The debug mode
shows that it is receiving the request from the WAN IP of the IP
(192.168.104.xxx) , while the NAS-IP appeared to be the its LAN IP
(192.168.1.xxx). As a result, Radius Server was trying to send the
Access-Challenge to the LAN IP of the Access Point, which was not
reachable, hence the problem.
However, I stuck up at a later stage. The authentication is happening
when the users are defined in the "users" file. Then I conencted the
Radius Server to LDAP, which is working only if the "UserPassword" in
LDAP is stored in plain-text. But my LDAP server contains all the
paswords in md5 encypted format. I could not get a solution for
authenticating users when their paswords are stored in MD5.
I tried to generate MD5 password from the client machine (which is a
windows XP) using a small script in C#, but the MD5 generated passwords
from C# differ from those in LDAP ( quite strange !!!)
When I supply the MD5 encrypted password (if passwords are encrypted
using slappasswd in LDAP server) from the Windows XP client, it works
fine. Can somebody help me in getting users authenticated with LDAP if
the passwords are in MD5??
I went through a document in the Internet that says EAP does not support
MD5 hashes, only EAP-GTC and PAP does.
Can someone suggest a solution for getting users authenticated through
AP whith their passwords stored in MD5??
Thanks and Regards,
SaN
I've been trying to autheticate a Wireless Acess Point through a Radius
Server for last 1 month, but things doesn't seem to be working for me.
The Radius Server is authenticating when I test it with the radtest
command. It also worked for a Cisco 2950 switch. But no luck when I use
the Access Point. I have tried 3 different accesspoints, including
Linksys, D-Link and the Firepro, but none of them worked.
I do not get any error when I check the radius in debug mode. It says
"Sending Access-Challange to ....", but the client doesn't get
authenticated. I seriously need help on this.
1. Do I really need certificates for authentication?
Yes. That conversation is EAP-TLS. *You* have selected that
authentication method when you were creating the connection.
Is there a way to
achieve WPA with UserName and Password, without installing certificates?
Yes. You can do PEAP with usernames and passwords. You might need to
install CA certificate if you are signing your own.
2. Should the AP send "User-Password" attribute to the Radius Server?
No.
Or
should the Radius Server send an Access-Challange to the AP, and AP does
matching and all.
AP does nothing. It jast passes the challenge to the users machine.
Ivan Kalik
Kalik Informatika ISP
DISCLAIMER: This e-mail and any files transmitted with it are for the sole use
of the intended recipient(s) and may containconfidential and privileged
information. If you are not the intended recipient, please contact the sender
by reply e-mail and destroy all copies and the original message. Any
unauthorized review, use, disclosure, dissemination, forwarding, printing or
copying of this email or any action taken in reliance on this e-mail is
strictly prohibited and may be unlawful. The recipient acknowledges that Tulip
Telecom Limited is unable to exercise control or ensure or guarantee the
integrity of/overthe contents of the information contained in e-mail
transmissions and further acknowledges that any views expressed in this message
are those of the individual sender and no binding nature of the message shall
be implied or assumed unless the sender does so expressly with due authority of
Tulip Telecom Limited. Before opening any attachments please check them for
viruses!
and defects.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
