Linksys WRT54G - DD-WRT - Wireless Auth
Hi there, I'm new to Freeradius and have been bashing my head against this for the last week now, I've read the FAQ and now feel really silly not being able to work this out. Specs: RedHat 9 server (yes - I know prehistoric) Linksys WRT54GL router, running DD-WRT (embedded Linux OS) Freeradius version 1.1.4 (compiled from source) Windows/OSX clients. What I want: To be able to authenticate wireless users via the /etc/passwd and /etc/shadow files. I've setup the WRT54GL to talk to the Radius server, this all seems fine and dandy. The WRT54GL is using WPA TKIP, it has the option of WPA AES too, and WPA AES+TKIP, neither seem to work.. here is the output I get when trying to authenticate a user: rad_recv: Access-Request packet from host 10.0.10.254:2067, id=0, length=119 User-Name = "rhf" NAS-IP-Address = 10.0.10.254 Called-Station-Id = "0016b6edf28a" Calling-Station-Id = "003065263cf8" NAS-Identifier = "0016b6edf28a" NAS-Port = 34 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000801726866 Message-Authenticator = 0x8628dcec942afcd4d5fb5fd2f397ea1a rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. rlm_eap_md5: Issuing Challenge Sending Access-Challenge of id 0 to 10.0.10.254 port 2067 EAP-Message = 0x0101001604100c7c39402e54a1b2d4dace6a40ccda3a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xff0124fdb9484b5aa5164699172989f9 rad_recv: Access-Request packet from host 10.0.10.254:2067, id=0, length=135 User-Name = "rhf" NAS-IP-Address = 10.0.10.254 Called-Station-Id = "0016b6edf28a" Calling-Station-Id = "003065263cf8" NAS-Identifier = "0016b6edf28a" NAS-Port = 34 Framed-MTU = 1400 State = 0xff0124fdb9484b5aa5164699172989f9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100060319 Message-Authenticator = 0xe0b6669ef1d6b8aeac92c7ae00d0ff70 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. I've read the FAQ and am now really stuck, anyone please please come to my aid! Regards, R
Richard Hamilton-Frost wrote:
What I want:
To be able to authenticate wireless users via the /etc/passwd and /etc/shadow files. I've setup the WRT54GL to talk to the Radius server, this all seems fine and dandy. The WRT54GL is using WPA TKIP, it has the option of WPA AES too, and WPA AES+TKIP, neither seem to work.. here is the output I get when trying to authenticate a user:
...
rlm_eap_md5: Issuing Challenge
http://deployingradius.com/documents/protocols/compatibility.html Passwords in /etc/shadow are hashed via the "crypt" method, or one similar to that. It is impossible to do EAP-MD5 and authenticate users via passwords in /etc/shadow. If you're going to use EAP, you MUST have the clear-text password for the user. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Thanks Alan, What I'll probably have a go at will be attempting to authenticate it against Samba if possible, not looked into how it works yet, but I'm hopeful. :) R On 15/02/07, Alan DeKok <aland@deployingradius.com> wrote:
Richard Hamilton-Frost wrote:
What I want:
To be able to authenticate wireless users via the /etc/passwd and /etc/shadow files. I've setup the WRT54GL to talk to the Radius server, this all seems fine and dandy. The WRT54GL is using WPA TKIP, it has the option of WPA AES too, and WPA AES+TKIP, neither seem to work.. here is the output I get when trying to authenticate a user:
...
rlm_eap_md5: Issuing Challenge
http://deployingradius.com/documents/protocols/compatibility.html
Passwords in /etc/shadow are hashed via the "crypt" method, or one similar to that. It is impossible to do EAP-MD5 and authenticate users via passwords in /etc/shadow.
If you're going to use EAP, you MUST have the clear-text password for the user.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan DeKok -
Richard Hamilton-Frost