Problem with EAP/MD5
Rafael DiazMaurin
Rafael.DiazMaurin at cnrs-bellevue.fr
Mon Aug 8 16:44:00 CEST 2005
Thank you Zoltan,
I made some modifications but nothing changed.
When I tested the configuration with radping on the supplicant, it
worked fine.
But with my MD5 configuration, nothing occurs at the radius server (no
packets sent, no logs).
I answer each of your points below, and give the configuration of the client.
Zoltan A. Ori wrote:
>On Monday 08 August 2005 03:54, Rafael DiazMaurin wrote:
>
>
>>Hello,
>>Can someone help me ?
>>I use : freeradius 1.0.4, and a switch CISCO 2950
>>
>>I'm trying to configure EAP/MD5, but the client can't show the window of
>>login/password, it's connected to the network without asking for the
>>login/password, and the freeradius daemon is still :
>> Listening on authentication *:1812
>> Listening on accounting *:1813
>> Ready to process requests.
>>A part of the log of the freeradius :
>> Module: Loaded eap
>> eap: default_eap_type = "md5"
>> eap: timer_expire = 60
>> eap: ignore_unknown_eap_types = yes
>> eap: cisco_accounting_username_bug = no
>> rlm_eap: Loaded and initialized type md5
>> Module: Instantiated eap (eap)
>>
>>
>>
>
>The Cisco 2950 is the client (or NAS). Is it configured?
>
>
Yes it's configured :
IOS version : 12.1(22)EA4
General configuration :
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX
radius-server retransmit 3
Here is the configuration of the port where the Supplicant (XP SP 2) is
connected :
interface FastEthernet0/2
description supplicant
switchport access vlan XXX
switchport mode access
duplex full
dot1x port-control auto
dot1x timeout reauth-period 300
dot1x reauthentication
spanning-tree portfast
This switch is connected to another switch with a trunk link, and
another trunk link goes up to the radius server.
Here is the configuration of the port where the radius server is connected :
interface FastEthernet2/11
description RadiusServer
switchport access vlan 260
Do I need to configure the last 2 switches with dot1x authentication ?
I didn't configure anything on these switches, even the one where the
radius server is plugged in.
I only configured the switch where the supplicant is connected.
>XP is the supplicant. If the Cisco 2950 (client) doesn't require login, then
>the supplicant will simply connect without any authentication dialog.
>
>
How can I make the supplicant connect with an authentication
dialog ?
>
>
>>The local tests are ok !
>>
>>
>>
>
>Then the server is probably working just fine.
>
>
>
>>Here is the configurations I tested :
>>raddb/users :
>>test Auth-Type := EAP, User-Password == "test"
>> Service-Type = Framed-User
>>
>>
>>
>
>Don't set the Auth-Type in users file.
>
>
I deleted it, but nothing changed.
>>On the client (windows XP sp2) I configure the 802.1x properties on Type
>>EAP : MD5-Challenge
>>
>>
>
>That is the supplicant. Now, configure the client.
>
>Zoltan
Rafael.