rlm_passwd and EAP-MD5

Kolbjørn Barmen kolbjorn.barmen at uninett.no
Thu Nov 29 10:43:57 CET 2007


On Wed, 28 Nov 2007, Alan DeKok wrote:

> Kolbjørn Barmen wrote:
> > Can rlm_passwd be used together with EAP-MD5?
> 
>   Yes.  Only if the password is in clear-text.

Which is what I want, promising :)

> > If I in the users file set "Password == blabla" for a user test-user
> > and then connects using radeapclient as described in the manual with
> > "EAP-MD5-Password = blabla" it works fine. However, I want to use an
> > external clear-text password instead of having the password in users,
> > since I want to change the password for each and every test, and do 
> > not want to HUP radiusd all the time.
> 
>   I'm not sure that will work.

Hm, isnt that the point of rlm_passwd?

> > DEFAULT Auth-Type := PAP, Client-IP-Address == "w.x.y.z"
> > 
> > which (if I have grasped things right) enforces those to use PAP,
> 
>   In 1.1.7, you don't need that Auth-Type.

I noticed, it's there from old, and I also want to enforce PAP it for the
clients in question, so I let it be.

> > With the above I get in the log:
> > 
> >   Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication
> 
>   Ugh.  It works in 1.1.7.  Which version are you running?

1.1.7 on NetBSD. Allthough NetBSD bring som patches, they seem to just be
for installation paths and pthread flags. So if it is supposed to work,
I'm curious as to why it doesnt for me.

> > As for "Why EAP-MD5?", I just need some EAP-method for which
> > I can easily generate requests with radeapclient.
> 
>   See also wpa_supplicant and eapol_test.  I use it to test all of the
>   EAP types...

Yes, that's true.

Thanks.

-- 
Kolbjørn Barmen
UNINETT Driftsenter



More information about the Freeradius-Users mailing list