eap issues

Craig White craigwhite at azapple.com
Tue Apr 14 00:01:03 CEST 2009


On Mon, 2009-04-13 at 22:20 +0100, Ivan Kalik wrote:
> > using the ca.der and caclient.p12 (using Ivan's newer script for
> generating) for TLS
> 
> That was for 2.0.5. 2.1.x has updated Makefile by default.
----
it didn't have the various caclient generation stuff
-----
> >Below is radiusd -X log with one failed attempt and it just seems as if the
> eap challenges go out but responses never come back.
> 
> [ldap] checking if remote access for spare is allowed by uid [ldap] Added
> User-Password = {crypt}$OBSCURED in check items [ldap] looking for check
> items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x$OBSCURED
> rlm_ldap: sambaLmPassword -> LM-Password == 0x$OBSCURED
> ...
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ...
> 
> No wonder. You are using crypt and nt hased passwords for EAP-MD5. That
> can't work.
> 
> http://deployingradius.com/documents/protocols/compatibility.html
----
OK that sort of makes sense to me.

So I have two sections in eap.conf, ttls and peap which both ask for
'default_eap_type = *' and I have set them both to mschapv2

and in the eap section at the top, I changed default_eap_type to tls

Does this make sense?

Craig



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the Freeradius-Users mailing list