Re: EAP-MD5 client"rlm_eap_md5 : Password is required for EAP-MD5 Authentication"

[Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk>]

tnt@kalik.co.yu wrote:
> Post your entry in users file and output from radiusd -X. If you have
> read the explanations in users file you should know how to enter a
> cleartext password for a user.
>
> Ivan Kalik
> Kalik Informatika ISP
>   
Right, so you understand how the standard challenge response scheme works ?

1. generate random string
2. send random string as challenge
3. response = md5(challenge + passphrase)
4. send response
5. md5(challenge + passphrase) == response ?
(though if I remember correctly it's slightly more complicated)

So you need cleartext password both user side and server side , else 
it's not going to work.

so you need to get the cleartext passphrase into the server and 
associate it with the user.

In ldap it would be held in the attribute UserPassword,
in sql you would add into check items Cleartext-Password := passphrase
In the users file
user    Cleartext-Password := passphrase
> Dana 5/8/2007, "rick norman" <gumbo_2007@bsdmail.com> piše:
>
>   
> > > ----- Original Message -----
> > > From: "Arran Cudbard-Bell" <A.Cudbard-Bell@sussex.ac.uk>
> > > To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> > > Subject: Re: EAP-MD5 client	"rlm_eap_md5 : Password is required for EAP-MD5	Authentication"
> > > Date: Sun, 05 Aug 2007 19:48:09 +0100
> > >
> > >
> > > rick norman wrote:
> > >       
> > > > Hi,
> > > > I'm building a radiusd client using libradius and trying to get
> > > > eap-md5 authentication
> > > > working.  My code sends a radius request with a user name, and an
> > > > eap message with
> > > > the username.
> > > > I receive a challenge from radiusd.  I return the challenge
> > > > response, md5(id,passwd,challenge), and radius state variable
> > > > but time out waiting for authentication.
> > > > The output from radiusd indicates "rlm_eap_md5 : Password is
> > > > required for EAP-MD5 Authentication".
> > > > When I add the password to the users file, I no longer receive
> > > > the challenge and timeout earlier.  Where is radiusd supposed to
> > > > get the passwd, and in what format ?
> > > >
> > > >
> > > >         
> > > Cleartext for md5 challenge, and from any authentication source you wish
> > > ... sql , ldap , users file.
> > >       
> > I don't follow.  Where does the cleartext go ?  I tried including the password in
> > the radius user password type.  The eap-md5 response is md5 hash.
> >     
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >       
> > --
> > _______________________________________________
> > Get your free email from http://bsdmail.com
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
> >     
>
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>