Thanks Alan. Its a security camera is the user doing 802.1x auth connected to a switch radius client. The switch connects to the RADIUS server based on the radius server configuration on it. The server shared password is same on both the switch and the RADIUS server its trying to connect to. The rad_users file contains: ash-4.3# vi /usr/local/synoradius/rad_users # DEFAULT Ldap-Group == "bbbb", Auth-Type := Reject # asd@testing Auth-Type := Reject # DEFAULT Group == "disabled", Auth-Type := Reject XXXX Cleartext-Password := "XXXXXXX" Thanks for your help. On Mon, Sep 12, 2016 at 12:06 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
hi,
so you've added a user to the users file (line 4....).... and you want to use MD5 - whats doing the MD5 EAP auth - the switch or a wired client doing 802.1X native on a switch port?
the client, whichever it is, isnt configured natively for MD5 - its trying some other method, which the server is NAKing - then its doing MD5 - this might be a cause of your issues. when MD5 is being done, the server pretty much rejects the auth when it hits eap-md5 for the proper md5 phase. which would suggest that something about the client isnt right...or something about the entry in the users file isnt right - so whilst user-name matches on line 4, some of the other check items arent quite right. incorrect shared secret might be involved too.....
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html