EAP-MD5 group auth failure

Security Camera seccam.trilok at gmail.com
Mon Sep 12 22:09:05 CEST 2016


Thanks Alan.

 Its a security camera is the user doing 802.1x auth connected to a switch
radius client. The switch connects to the RADIUS server based on the radius
server configuration on it. The server shared password is same on both the
switch and the RADIUS server its trying to connect to.  The rad_users file
contains:

 ash-4.3# vi /usr/local/synoradius/rad_users


# DEFAULT Ldap-Group == "bbbb", Auth-Type := Reject

# asd at testing   Auth-Type := Reject

# DEFAULT        Group == "disabled", Auth-Type := Reject

XXXX            Cleartext-Password := "XXXXXXX"


Thanks for your help.




On Mon, Sep 12, 2016 at 12:06 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:

> hi,
>
> so you've added a user to the users file (line 4....).... and you want to
> use MD5 - whats doing the MD5 EAP auth - the switch or a wired client
> doing 802.1X native on a switch port?
>
> the client, whichever it is, isnt configured natively for MD5 - its trying
> some other method, which the server is NAKing - then its doing MD5 - this
> might be a cause of your issues.   when MD5 is being done, the server
> pretty much rejects the auth when it hits eap-md5 for the proper md5 phase.
> which would suggest that something about the client isnt right...or
> something
> about the entry in the users file isnt right - so whilst user-name matches
> on line 4, some of the other check items arent quite right.  incorrect
> shared secret
> might be involved too.....
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>


More information about the Freeradius-Users mailing list