Hi list,
While working on EAP MD5 authentication, I have a little doubt.
I have configured an EAP user with a password in the users file.
I am able to get an Access Challenge from RADIUS.
On sending a RADIUS packet with the EAP response (message digest on id + passwd +
challenge), the State attribute (received in the Access Challenge) and User-Password
(got by encrypting the password as configured in the users file), I am able to get
EAP Success.
But as per RFC 2869, the response to the Access Challenge should contain the User password
as the user-response.
"If the NAS supports challenge/response, receipt of a valid
Access-Challenge indicates that a new Access-Request SHOULD be
sent. The NAS MAY display the text message, if any, to the user,
and then prompt the user for a response. It then sends its
original Access-Request with a new request ID and Request
Authenticator, with the User-Password Attribute replaced by the
user's response (encrypted), and including the State Attribute
from the Access-Challenge, if any. Only 0 or 1 instances of the
State Attribute can be present in an Access-Request."
On setting User-Passwd as the user response (EAP data), the user is not matched against
the users file entry, and I get the error message:
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
Can anyone tell me what I should send in User-Password?
If it is the encrypted password in the users file, then how does the NAS know the
password for this user? And as per the RFC, it should be the user's response
anyway.
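The EAP-MD5 response computation mentioned in the post (message digest over id + password + challenge), shown as an added example that is not part of the original message or of FreeRADIUS. It follows the MD5-Challenge packet layout of RFC 3748; the function names and the sample request are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4  # MD5-Challenge type (RFC 3748)


def parse_md5_packet(pkt: bytes):
    """Return (code, identifier, value) from an EAP MD5-Challenge packet."""
    if len(pkt) < 6:
        raise ValueError("packet too short for EAP MD5-Challenge")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length < 6 or length > len(pkt):
        raise ValueError("bad EAP length field")
    if eap_type != EAP_TYPE_MD5:
        raise ValueError("not an MD5-Challenge packet")
    value_size = pkt[5]
    if 6 + value_size > length:
        raise ValueError("Value-Size runs past end of packet")
    return code, ident, pkt[6:6 + value_size]


def md5_response_value(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-style digest: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_response(request: bytes, password: bytes, name: bytes = b"") -> bytes:
    """Answer an EAP-Request/MD5-Challenge, reusing its identifier."""
    code, ident, challenge = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    value = md5_response_value(ident, password, challenge)
    length = 5 + 1 + len(value) + len(name)  # header+type, Value-Size, value, name
    return struct.pack("!BBHBB", EAP_RESPONSE, ident, length,
                       EAP_TYPE_MD5, len(value)) + value + name


def verify_response(request: bytes, response: bytes, password: bytes) -> bool:
    """Server-side check of a response against the challenge it issued."""
    _, req_id, challenge = parse_md5_packet(request)
    code, resp_id, value = parse_md5_packet(response)
    expected = md5_response_value(req_id, password, challenge)
    return (code == EAP_RESPONSE and resp_id == req_id
            and hmac.compare_digest(value, expected))


# Constructed sample: EAP-Request, identifier 7, 16-byte challenge (length 22).
SAMPLE_CHALLENGE = bytes(range(16))
SAMPLE_REQUEST = struct.pack("!BBHBB", EAP_REQUEST, 7, 22, EAP_TYPE_MD5, 16) + SAMPLE_CHALLENGE
```

Because the digest is computed over the cleartext password, the verifying side needs that cleartext to recompute the expected value.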