I can't get 'access-accept' from Linux clients

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Fri Jan 11 13:34:05 CET 2008


tnt at kalik.co.yu wrote:
> Store cleartext passwords and all eap types will work. Real problem is
> the encrypted password not the eap type.
>
> Ivan Kalik
> Kalik Informatika ISP
>   

>
> Dana 11/1/2008, "Sergio Belkin" <sebelk at gmail.com> piše:
>
>   
>> 2008/1/10, Ivan Kalik <tnt at kalik.co.yu>:
>>     
>>> ...
>>>       
>>>> rlm_ldap: Added password
>>>>         
>>> {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items
>>> ...
>>>       
>>>> rlm_eap_md5: User-Password is required for EAP-MD5 authentication
>>>>         
>>> ...
>>>
>>> You can't use encrypted passwords with EAP-MD5.
>>>
>>> http://deployingradius.com/documents/protocols/compatibility.html
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>       
>> Thanks Ivan! So what default eap type should I use in mixed
>> environment (I mean: Linux and Windows Clientes)?
>>     
EAP-TTLS with PAP inner encryption.

Though you'd need to use SecureW2 or the Open SEA supplicant for the 
windows side.

Otherwise you'd need NT-Hashes for MSChap based methods, or the password 
stored in the clear.

>> TIA
>>
>> --
>> --
>> Open Kairos http://www.openkairos.com
>> Watch More TV http://sebelk.blogspot.com
>> Sergio Belkin -
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>     
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   


-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900




More information about the Freeradius-Users mailing list