EAP-MD5 Authentication problem

Alan DeKok aland at ox.org
Thu Dec 29 08:22:19 CET 2005


Marco Spiga <mspiga3 at alice.it> wrote:
> However as soon as installed freeradius I have tried radtest and it worked well, also whith users inserted in
> radcheck table of postgresql and authentication EAP MD5 has not never worked.

  The entry in the "users" file isn't being matched because you edited
radiusd.conf, and broke the server.

> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   rlm_eap: EAP packet type response id 210 length 9
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 0
> modcall: group authorize returns updated for request 0

  See?  There's no mention of the "files" module, or that any entry in
the "users" file was matched.  So you can edit the "users" file
forever, and it won't affect anything... because *you* told the server
to not look at the "users" file.

>         # eap sets the authenticate type as EAP
>         authorize {
>                 ...
>                 eap
>         }

  And rather than quoting your exact "authorize" section, you've
edited it.

  Since I can read the debug output, I can tell what you've done.  But
by editing the "radiusd.conf" pieces you quoted, you've gone out of
your way to make it more difficult for anyone to be able to help you.

  In short, if you don't know what the entries in "radiusd.conf" do,
DON'T EDIT THEM.  The default configuration is set up that way for a
reason.  IT WORKS.

  If you had used the default configuration, the "users" file entry
would have worked as I said.  But because you edited the default
configuration (and didn't say you edited it), you broke it, and the
"users" fil entry didn't work.

  Alan DeKok.



More information about the Freeradius-Users mailing list