Alan,
After making the recommended changes, and commenting everything out of the radiusd.conf,
allowing EAP only MD5, and disallowing all other forms of auth:
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "lunatic", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
users: Matched lunatic at 156
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - md5
rlm_eap: processing type md5
rlm_eap_md5: No password configured for this user
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.17.247:2048, id=115, length=16
I guess my bigger question:
If this method were to work, the admin would have to hard-code user/password into
the users.conf. Is there another tried/true method for using some central password facility,
LDAP i don't think will work....
thanks for your interest
Alan DeKok wrote:
Shawn Adams <[EMAIL PROTECTED]> wrote:
I think my Radius is using the system /etc/passwd, as this is the default.Exactly.
This seems not to be an option, since /etc/passwd is not cleartext.
giving the user a specific entry in the users.conf:Of course. You told it to use 'Local' authentication, not EAP.
Auth-Type := Local, User-Password = "Hello"
does not seem to help.
Change the line to:
Auth-Type += Local, User-Password = "Hello"
Then, list the EAP module BEFORE 'files' in the authorize section.
If it sees an EAP-Message, then EAP module will add 'Auth-Type :=
EAP', and the 'files' module will add 'Auth-Type += Local' AFTER that.
The EAP will take priority, and it will all work...
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
