"[eap] = reject" after "Calling eap_md5 to process EAP data"

Alan DeKok aland at deployingradius.com
Tue Jul 7 22:07:58 CEST 2015


On Jul 6, 2015, at 1:56 PM, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
> I am trying to configure MAC auth by implementing EAP/MD5 as it is described here:
> http://wiki.freeradius.org/modules/Rlm_eap#My-Userbase-is-in-LDAP-and-I-want-to-use-EAP-MD5-authentication
> 
> FR v.3.0.8 is on FreeBSD 10.1R
> supplicant is on FreeBSD 10.1R connected (by wire) to FR wia switch
> 
> but something is wrong and I can not understand what ... please help me to see what I do not see ...

  You edited the default configuration and broke it.  Don't do that.

> as backend I have LDAP and in it, userPassword format is Cleartext-Password (for the sample from the debug bellow it is `00-25-90-D9-76-2C'
> 
> as I understand from the debug bellow, I successfully pass authorization but fail to authenticate against eap_md5 ...
> 
> why?

  Because you deleted the "pap" module from the "authorize" section.  It should be listed last there.  It takes care of normalizing passwords.  In this case, turning Password-With-Header into Cleartext-Password.

> ---[ quotation start ]-------------------------------------------
> Mon Jul  6 20:27:36 2015 : Debug: (0) Received Access-Request Id 200 from 192.168.0.1:49205 to 192.168.0.254:1812 length 137

  PLEASE just post "radiusd -X".  This is what is requested in the FAQ, "man" pages, and daily on this list.  Adding extra debug information doesn't help in most cases.  Here, it just makes the problem harder to spot.

  Alan DeKok.




More information about the Freeradius-Users mailing list