Pb with EAP/MD5

Rafael DiazMaurin Rafael.DiazMaurin at cnrs-bellevue.fr
Tue Aug 9 09:44:10 CEST 2005


Jefri bin Dahari wrote:

> I think you haven't put the NAS ip address in clients.conf.


Yes, I did it:

client xxx.xxx.xxx.xxx {
        secret          = XXX
        shortname    = Switch
        nastype         = cisco
}


>     ----- Original Message -----
>     *From:* Rafael DiazMaurin <mailto:Rafael.DiazMaurin at cnrs-bellevue.fr>
>     *To:* z.ori at morehead-st.edu <mailto:z.ori at morehead-st.edu> ;
>     FreeRadius users mailing list
>     <mailto:freeradius-users at lists.freeradius.org>
>     *Sent:* Monday, August 08, 2005 22:44
>     *Subject:* Re: Pb with EAP/MD5
>
>     Thank you Zoltan,
>     I made some modifications but nothing changed.
>     When I tested the configuration with radping on the
>     supplicant, it worked fine.
>     But with my md5 configuration, nothing occurs at the radius
>     server (no packets sent, no logs).
>
>     I answer you at each point, and give the configurations on the client.
>
>
>     Zoltan A. Ori wrote:
>
>>On Monday 08 August 2005 03:54, Rafael DiazMaurin wrote:
>>  
>>
>>>Hello,
>>>Can someone help me?
>>>I use: freeradius 1.0.4, and a CISCO 2950 switch
>>>
>>>I'm trying to configure EAP/MD5, but the client can't show the
>>>login/password window, it's connected to the network without asking for the
>>>login/password, and the freeradius daemon is still:
>>>            Listening on authentication *:1812
>>>            Listening on accounting *:1813
>>>            Ready to process requests.
>>>A part of the freeradius log:
>>>    Module: Loaded eap
>>>     eap: default_eap_type = "md5"
>>>     eap: timer_expire = 60
>>>     eap: ignore_unknown_eap_types = yes
>>>     eap: cisco_accounting_username_bug = no
>>>    rlm_eap: Loaded and initialized type md5
>>>    Module: Instantiated eap (eap)
>>>
>>>    
>>>
>>
>>The Cisco 2950 is the client (or NAS). Is it configured?
>>  
>>
>     Yes, it's configured:
>     IOS version: 12.1(22)EA4
>     General configuration:
>         aaa new-model
>         aaa authentication dot1x default group radius
>         aaa authorization network default group radius
>         radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX
>         radius-server retransmit 3
>
>     Here is the configuration of the port where the Supplicant (XP SP
>     2) is connected:
>     interface FastEthernet0/2
>      description supplicant
>      switchport access vlan XXX
>      switchport mode access
>      duplex full
>      dot1x port-control auto
>      dot1x timeout reauth-period 300
>      dot1x reauthentication
>      spanning-tree portfast
>
>     This switch is connected to another switch with a trunk link, and
>     another trunk link up to the radius server.
>     Here is the configuration of the port where the radius server is
>     connected:
>     interface FastEthernet2/11
>      description RadiusServer
>      switchport access vlan 260
>
>
>     Do I need to configure the last 2 switches with dot1x
>     authentication?
>     I didn't configure anything on these switches, even the one where
>     the radius server is plugged in.
>     I only configured the switch where the supplicant is connected.
>
>>XP is the supplicant. If the Cisco 2950 (client) doesn't require login, then 
>>the supplicant will simply connect without any authentication dialog. 
>>  
>>
>     How can I make the supplicant connect with an
>     authentication dialog?
>
>>  
>>
>>>The local tests are ok!
>>>
>>>    
>>>
>>
>>Then the server is probably working just fine.
>>
>>  
>>
>>>Here are the configurations I tested:
>>>raddb/users:
>>>test    Auth-Type := EAP, User-Password == "test"
>>>         Service-Type = Framed-User
>>>
>>>    
>>>
>>
>>Don't set the Auth-Type in the users file.
>>  
>>
>     I deleted it, but nothing changed.
>
>>>On the client (Windows XP SP2) I configure the 802.1x properties with
>>>EAP type: MD5-Challenge
>>>    
>>>
>>
>>That is the supplicant. Now, configure the client.
>>
>>Zoltan
>>
>>  
>>
>
>     Rafael.
>
>



