Thanks for the help Stefan.
> I am trying to send an Access-Request with EAP-Identity response. The
> Request was successful and Server sent an Access-Challenge in response (MD5
> challenge), the response to this challenge is failing (receiving
> Access-Reject from Server), the Error message was "rlm_eap_md5:
> User-Password is required for EAP-MD5 authentication". I have the
> User-Password attribute in Access-Request. Below is the Access-Request
> packet attributes,
You don't quite understand how EAP-MD5 works. There is not supposed to be a
User-Password in the request - instead, a response to the MD5-Challenge the
server sent out earlier. The *server* needs to know the user's password to
verify this response. So putting the attribute User-Password in the request
won't gain you anything, other than violating RFCs. The server will not look
there.
With EAP-MD5, the user's password is *never* on the wire.
You want to configure the user's password in the server, for example in the
users file. In 1.16 and later, you will want to use the
name "Cleartext-Password" instead of User-Password for that - it reduces
confusion.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html