rlm_passwd and EAP-MD5
Alan DeKok
aland at deployingradius.com
Wed Nov 28 23:23:44 CET 2007
Kolbjørn Barmen wrote:
> Can rlm_passwd be used together with EAP-MD5?
Yes. Only if the password is in clear-text.
> If I in the users file set "Password == blabla" for a user test-user
> and then connects using radeapclient as described in the manual with
> "EAP-MD5-Password = blabla" it works fine. However, I want to use an
> external clear-text password instead of having the password in users,
> since I want to change the password for each and every test, and do
> not want to HUP radiusd all the time.
I'm not sure that will work.
> On the same server I use rlm_passwd already for authenticate certain
> clients against a TACACS passwd file, and for those clients I have in
> users file entires like this:
>
> DEFAULT Auth-Type := PAP, Client-IP-Address == "w.x.y.z"
>
> which (if I have grasped things right) enforces those to use PAP,
In 1.1.7, you don't need that Auth-Type.
> With the above I get in the log:
>
> Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication
Ugh. It works in 1.1.7. Which version are you running?
> As for "Why EAP-MD5?", I just need some EAP-method for which
> I can easily generate requests with radeapclient.
See also wpa_supplicant and eapol_test. I use it to test all of the
EAP types...
Alan DeKok.
More information about the Freeradius-Users
mailing list