I can't get 'access-accept' from Linux clients

Sergio Belkin sebelk at gmail.com
Fri Jan 11 16:08:31 CET 2008


2008/1/11, Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk>:
> tnt at kalik.co.yu wrote:
> > Store cleartext passwords and all eap types will work. Real problem is
> > the encrypted password not the eap type.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
> >
>
> >
> > Dana 11/1/2008, "Sergio Belkin" <sebelk at gmail.com> piše:
> >
> >
> >> 2008/1/10, Ivan Kalik <tnt at kalik.co.yu>:
> >>
> >>> ...
> >>>
> >>>> rlm_ldap: Added password
> >>>>
> >>> {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items
> >>> ...
> >>>
> >>>> rlm_eap_md5: User-Password is required for EAP-MD5 authentication
> >>>>
> >>> ...
> >>>
> >>> You can't use encrypted passwords with EAP-MD5.
> >>>
> >>> http://deployingradius.com/documents/protocols/compatibility.html
> >>>
> >>> Ivan Kalik
> >>> Kalik Informatika ISP
> >>>
> >>>
> >> Thanks Ivan! So what default eap type should I use in mixed
> >> environment (I mean: Linux and Windows Clientes)?
> >>
> EAP-TTLS with PAP inner encryption.

But is is possible configure that so? If I  tried default_eap_type =
pap and radius didn't start.

In fact in Fedora 8 I have configured PAP as inner Authentication
("Wireless Network Secrets Required" dialog box") with wpa_supplicant
running.

>
> Though you'd need to use SecureW2 or the Open SEA supplicant for the
> windows side.

Sure, i use securew3 for windows clients.

>
> Otherwise you'd need NT-Hashes for MSChap based methods, or the password
> stored in the clear.

Last option is not suitable for :(

>
> >> TIA
> >>
> >> --
> >> --
> >> Open Kairos http://www.openkairos.com
> >> Watch More TV http://sebelk.blogspot.com
> >> Sergio Belkin -
> >> -
> >> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >>
> >>
> >>
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
>
> --
> Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
> Authentication, Authorisation and Accounting Officer
> Infrastructure Services | ENG1 E1-1-08
> University Of Sussex, Brighton
> EXT:01273 873900 | INT: 3900
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -




More information about the Freeradius-Users mailing list