I am attempting to set up FreeRadius to handle dot1x from some Cisco
2950 Series Switches. I am using the supplicant that is supplied as
part of Windows XP. Currently, using a basic configuration of FR1.0.1
I can use radtest to verify that basic radius functions are working
correctly. (I get an access-accept). When I attempt to use MD5 from
Windows XP, the authentication fails and the following is written to
the log:
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 152
users: Matched DEFAULT at 171
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user
Any ideas?
I'm just wanting a basic setup that will allow me to do port
authentication using the included WinXP supplicant using my unix
/etc/passwd file. Maybe there is a better way?
BB
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
