ERROR: Failed continuing EAP MD5 (4) session
Mohamed Lrhazi
Mohamed.Lrhazi at georgetown.edu
Sat Feb 6 01:08:27 CET 2016
Given that we don't store clear text passwords anyways... would one
solution to my problem be to disable EAP-MD5?
My config for eap has this in it:
# Loading module "eap" from file /etc/raddb/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
}
Only very few of our users seem to be causing these errors....
Thanks,
Mohamed.
On Fri, Feb 5, 2016 at 6:34 PM, Mohamed Lrhazi <
Mohamed.Lrhazi at georgetown.edu> wrote:
> Thank you so much Alan.
>
> Mohamed.
>
> On Fri, Feb 5, 2016 at 6:27 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Feb 5, 2016, at 6:23 PM, Mohamed Lrhazi <Mohamed.Lrhazi at georgetown.edu>
>> wrote:
>> >
>> > I have some users, apparently always the same, who get rejected with
>> this
>> > error message... I managed to get a session containing the failure
>> captured
>> > in debug mode. Not sure if I should post more, but this the end of one
>> such
>> > session....
>> >
>> > How can I get to the root cause of their rejections?
>>
>> Read the debug output.
>>
>> > (267) EXPAND {nt}%{1}
>> > (267) --> {nt}1DD9FC26BF0FCD74413AF390A74F559B
>> > (267) Password-With-Header :=
>> {nt}1DD9FC26BF0FCD74413AF390A74F559B
>>
>> That's the first piece of information.
>>
>> > (267) eap_md5: Cleartext-Password is required for EAP-MD5 authentication
>>
>> That's the second piece of information.
>>
>> You can't do EAP-MD5 with NT hashed passwords.
>>
>> For details, see:
>>
>> http://deployingradius.com/documents/protocols/compatibility.html
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
More information about the Freeradius-Users
mailing list