As far as I understand your config files, you want to use MD5. So the question are: - is the client really sending MD5 hashes (or is it sending NT hashes for example) - can PAM handle it? - has PAM access to the password in MD5 or in clear to be able to check against it? I hope that my hints could bring you forward. Have a nice day! PS.: personally what I find curious is that there is no "ttls" in the log, except at initialization of radiusd. Am 11.06.2008 um 20:47 schrieb sth:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[...]
I did see mention of a similar symptom in my searches, and a few (including this one[2]) suggested that a fix was forthcoming in 1.1.5. By way of attempting this, I tried rolling my own 2.0.5 instance of FR, but it had the same problem.
Alan's post here[3] indicates, "It needs a password." What I'm not clear on is _what_ needs a password: is the client not sending it, or does the FR server not have access to the backend against which it should be verifying the password incoming from the client? If the client is not sending it, how might I go about ascertaining why?
In any case, this seems to be one of the more common errors for people attempting 802.1x auth via RADIUS, and since there are so many different scenarios cited by the posts I'm finding, I hoped that the knowledgeable ~ among you might analyze and comment on my configuration. I can provide further information and diagnostic output upon request.
If at any point it's appropriate for someone to say, "You fool! You can't have WPA(2) Enterprise authentication for both Mac and Windows!" please, don't hesitate to do so. ;-)
[...] Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841