Kolbjørn Barmen wrote:
Can rlm_passwd be used together with EAP-MD5?
Yes. Only if the password is in clear-text.
If I in the users file set "Password == blabla" for a user test-user and then connects using radeapclient as described in the manual with "EAP-MD5-Password = blabla" it works fine. However, I want to use an external clear-text password instead of having the password in users, since I want to change the password for each and every test, and do not want to HUP radiusd all the time.
I'm not sure that will work.
On the same server I use rlm_passwd already for authenticate certain clients against a TACACS passwd file, and for those clients I have in users file entires like this:
DEFAULT Auth-Type := PAP, Client-IP-Address == "w.x.y.z"
which (if I have grasped things right) enforces those to use PAP,
In 1.1.7, you don't need that Auth-Type.
With the above I get in the log:
Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication
Ugh. It works in 1.1.7. Which version are you running?
As for "Why EAP-MD5?", I just need some EAP-method for which I can easily generate requests with radeapclient.
See also wpa_supplicant and eapol_test. I use it to test all of the EAP types... Alan DeKok.
participants (1)
-
Alan DeKok