eap md5 and cisco 1250 ap?

Jonathan D. Proulx jon at csail.mit.edu
Fri Oct 10 18:08:35 CEST 2008


Hi All,

I'm trying to get am MacOS 10.5 client to connect to a cisco 1250 ap
running IOS 12.4(10b) authenticating against Freeradius 1.1.7 on
Ubuntu (8.04).

Yeh md5 is a bad idea, but it should be a simple first step.  The only
changes I made to the default Freeradius config were to add the client
info for the 1250 and one user:

jon     Cleartext-Password := "password"

Freeradius sends:

Sending Access-Accept of id 56 to 192.168.32.10 port 1645
	EAP-Message = 0x03020004
        Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "jon"
	Finished request 95
	
Which the AP sees:

*Mar  1 17:13:08.871: RADIUS: Received from id 1645/54
192.168.32.34:1812, Access-Accept, len 49
*Mar  1 17:13:08.871: RADIUS:  authenticator 80 F5 FE FA 84 E9 7A EB -
C9 D0 0C F2 E5 07 9C 02
*Mar  1 17:13:08.871: RADIUS:  EAP-Message         [79]  6   
*Mar  1 17:13:08.871: RADIUS:   03 02 00 04        [????]
*Mar  1 17:13:08.871: RADIUS:  Message-Authenticato[80]  18  
*Mar  1 17:13:08.871: RADIUS:   61 20 78 47 53 68 E0 80 20 7F 10 04 95
CE 64 9D  [a xGSh?? ?????d?]
*Mar  1 17:13:08.871: RADIUS:  User-Name           [1]   5   "jon"
*Mar  1 17:13:08.871: RADIUS(000000B0): Received from id 1645/54
*Mar  1 17:13:08.871: RADIUS/DECODE: EAP-Message fragments, 4, total 4
bytes
*Mar  1 17:13:09.919: %DOT11-7-AUTH_FAILED: Station 001e.c2b7.f0de
Authentication failed

But note the AUTH_FAILED at the.  The Mac client then just spins
retrying athentication.

I must be missing something so stupidly obvious noone else has ever
missed it, as I can't seem to find anyone onlline who's had trouble
with simple md5 auth...

Help? Thanks,
-Jon




More information about the Freeradius-Users mailing list