<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Thank you Zoltan,<br>
I made some modification but nothing changed.<br>
When I tested the configuration from with radping on the supplicant, it
worked fine.<br>
But with my configuration md5, nothing occures at the radius server (no
packets sent, no logs).<br>
<br>
I answer you at each point, and give the configurations on the client.<br>
<br>
<br>
Zoltan A. Ori a écrit :
<blockquote cite="mid200508080542.30995.z.ori@morehead-st.edu"
type="cite">
<pre wrap="">On Monday 08 August 2005 03:54, Rafael DiazMaurin wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
Cna someone help me ?
I use : freeradius 1.0.4, and a switch CISCO 2950
I'm trying to configure EAP/MD5, but the client can't show the window of
login/password, it's connected to the network without asking for the
login/password, and the freeradius daemon is still :
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
A part of the log of the freeradius :
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = yes
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
Module: Instantiated eap (eap)
</pre>
</blockquote>
<pre wrap=""><!---->
The Cisco 2950 is the client (or NAS). Is it configured?
</pre>
</blockquote>
Yes it's configured :<br>
IOS version : 12.1(22)EA4<br>
General configuration : <br>
aaa new-model<br>
aaa authentication dot1x default group radius<br>
aaa authorization network default group radius<br>
radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX<br>
radius-server retransmit 3<br>
<br>
Here is the configuration of the port where the Supplicant (XP SP 2) is
connected : <br>
interface FastEthernet0/2<br>
description supplicant<br>
switchport access vlan XXX<br>
switchport mode access<br>
duplex full<br>
dot1x port-control auto<br>
dot1x timeout reauth-period 300<br>
dot1x reauthentication<br>
spanning-tree portfast<br>
<br>
This switch is connected to another switch with a Trunk link, and
another trunk link until the radius server.<br>
Here is the configuration of the port where the radius server is
connected :<br>
interface FastEthernet2/11<br>
description RadiusServer<br>
switchport access vlan 260<br>
<br>
<br>
Do I need to configure the 2 last switchs with authentification dot1x ?
<br>
I didn't configure anything on these switch, even the one where the
radius server is plugged.<br>
I only configure the switch where the supplicant is conected.<br>
<br>
<blockquote cite="mid200508080542.30995.z.ori@morehead-st.edu"
type="cite">
<pre wrap="">
XP is the supplicant. If the Cisco 2950 (client) doesn't require login, then
the supplicant will simply connect without any authentication dialog.
</pre>
</blockquote>
How can I make the connection of the supplicant with an
authentification dialog ?<br>
<br>
<blockquote cite="mid200508080542.30995.z.ori@morehead-st.edu"
type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">The local tests are ok !
</pre>
</blockquote>
<pre wrap=""><!---->
Then server is probably working just fine.
</pre>
<blockquote type="cite">
<pre wrap="">Here is the configurations I tested :
raddb/users :
test Auth-Type := EAP, User-Password == "test"
Service-Type = Framed-User
</pre>
</blockquote>
<pre wrap=""><!---->
Don't set the Auth-Type in users file.
</pre>
</blockquote>
I deleted it, but nothing changed.<br>
<br>
<blockquote cite="mid200508080542.30995.z.ori@morehead-st.edu"
type="cite">
<pre wrap=""></pre>
<blockquote type="cite">
<pre wrap="">On the client (windows XP sp2) I configure the 802.1x properties on Type
EAP : MD5-Challenge
</pre>
</blockquote>
<pre wrap=""><!---->
That is the supplicant. Now, configure the client.
Zoltan
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
Rafael.<br>
</body>
</html>