rlm_passwd and EAP-MD5

Alan DeKok aland at deployingradius.com
Wed Nov 28 23:23:44 CET 2007


Kolbjørn Barmen wrote:
> Can rlm_passwd be used together with EAP-MD5?

  Yes.  Only if the password is in clear-text.

> If I in the users file set "Password == blabla" for a user test-user
> and then connect using radeapclient as described in the manual with
> "EAP-MD5-Password = blabla" it works fine. However, I want to use an
> external clear-text password instead of having the password in users,
> since I want to change the password for each and every test, and do 
> not want to HUP radiusd all the time.

  I'm not sure that will work.

> On the same server I use rlm_passwd already to authenticate certain
> clients against a TACACS passwd file, and for those clients I have in
> users file entries like this:
> 
> DEFAULT Auth-Type := PAP, Client-IP-Address == "w.x.y.z"
> 
> which (if I have grasped things right) enforces those to use PAP,

  In 1.1.7, you don't need that Auth-Type.

> With the above I get in the log:
> 
>   Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication

  Ugh.  It works in 1.1.7.  Which version are you running?

> As for "Why EAP-MD5?", I just need some EAP-method for which
> I can easily generate requests with radeapclient.

  See also wpa_supplicant and eapol_test.  I use it to test all of the
EAP types...

  Alan DeKok.
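
Why EAP-MD5 only works against a clear-text password, as an added example that is not part of the original message and is not FreeRADIUS code. It computes the MD5-Challenge response (RFC 3748, using the CHAP calculation from RFC 1994) and verifies it against two kinds of stored secret; the function names, the fixed challenge bytes and the SHA-256 "hashed store" are assumptions made for illustration.

```python
import hashlib
import hmac


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Value carried in the EAP-MD5 response: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(identifier: int, stored_secret: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """The server must redo the same MD5 over whatever secret it has stored."""
    expected = eap_md5_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    identifier = 7                   # constructed EAP Identifier octet
    challenge = bytes(range(16))     # constructed; a real server sends random bytes
    password = b"blabla"             # the test password used in the thread

    # Supplicant side: the password itself never crosses the wire, only this digest.
    response = eap_md5_response(identifier, password, challenge)

    # Case 1: the password file holds the clear-text password.
    cleartext_ok = server_verify(identifier, password, challenge, response)

    # Case 2: the password file holds only a one-way hash of the password
    # (SHA-256 here stands in for any crypt-style entry; assumption).
    # The server cannot recover "blabla", so it cannot recompute the digest.
    hashed_entry = hashlib.sha256(password).hexdigest().encode()
    hashed_ok = server_verify(identifier, hashed_entry, challenge, response)

    return response, cleartext_ok, hashed_ok


if __name__ == "__main__":
    resp, cleartext_ok, hashed_ok = demo()
    print("response:", resp.hex())
    print("verify with clear-text entry:", cleartext_ok)
    print("verify with hashed entry:    ", hashed_ok)
```
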


