Pb with EAP/MD5

Jefri bin Dahari jeff at mimos.my
Tue Aug 9 05:13:57 CEST 2005


I think you haven't put the NAS IP address in clients.conf.
  ----- Original Message ----- 
  From: Rafael DiazMaurin 
  To: z.ori at morehead-st.edu ; FreeRadius users mailing list 
  Sent: Monday, August 08, 2005 22:44
  Subject: Re: Pb with EAP/MD5


  Thank you Zoltan,
  I made some modifications but nothing changed.
  When I tested the configuration with radping on the supplicant, it worked fine.
  But with my md5 configuration, nothing occurs at the radius server (no packets sent, no logs).

  I answer you on each point, and give the configurations on the client.


  Zoltan A. Ori wrote:
On Monday 08 August 2005 03:54, Rafael DiazMaurin wrote:
  Hello,
Can someone help me?
I use: freeradius 1.0.4 and a CISCO 2950 switch

I'm trying to configure EAP/MD5, but the client can't show the
login/password window; it's connected to the network without asking for the
login/password, and the freeradius daemon is still:
            Listening on authentication *:1812
            Listening on accounting *:1813
            Ready to process requests.
Part of the freeradius log:
    Module: Loaded eap
     eap: default_eap_type = "md5"
     eap: timer_expire = 60
     eap: ignore_unknown_eap_types = yes
     eap: cisco_accounting_username_bug = no
    rlm_eap: Loaded and initialized type md5
    Module: Instantiated eap (eap)

    
The Cisco 2950 is the client (or NAS). Is it configured?
  Yes, it's configured:
  IOS version: 12.1(22)EA4
  General configuration:
      aaa new-model
      aaa authentication dot1x default group radius
      aaa authorization network default group radius
  radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX
  radius-server retransmit 3

  Here is the configuration of the port where the supplicant (XP SP2) is connected:
  interface FastEthernet0/2
    description supplicant
   switchport access vlan XXX
   switchport mode access
   duplex full
   dot1x port-control auto
   dot1x timeout reauth-period 300
   dot1x reauthentication
   spanning-tree portfast

  This switch is connected to another switch with a trunk link, and then by another trunk link to the radius server.
  Here is the configuration of the port where the radius server is connected :
  interface FastEthernet2/11
   description RadiusServer
   switchport access vlan 260


  Do I need to configure the last 2 switches with dot1x authentication?
  I didn't configure anything on these switches, not even the one where the radius server is plugged in.
  I only configured the switch where the supplicant is connected.


XP is the supplicant. If the Cisco 2950 (client) doesn't require login, then 
the supplicant will simply connect without any authentication dialog. 
  How can I make the supplicant connect with an authentication dialog?


  The local tests are OK!

    
Then the server is probably working just fine.

  Here are the configurations I tested:
raddb/users:
test    Auth-Type := EAP, User-Password == "test"
         Service-Type = Framed-User

    
Don't set the Auth-Type in users file.
  I deleted it, but nothing changed.


On the client (Windows XP SP2) I configured the 802.1x properties with
EAP type: MD5-Challenge
    
That is the supplicant. Now, configure the client.

Zoltan

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  
  Rafael.


