Thanks Alan for correcting me. I had mistakenly written 2869; it's actually
RFC 2865.
I didn't know that "The text in RFC 2865 is not
referring to EAP, it's referring to systems like X9.9 token cards."
The problem I posted is finally solved! When sending Response RADIUS packets, the
NAS does not need to add the User-password attribute. The EAP data itself contains the
response to the Access challenge.
The password for the EAP user is configured in the "users" file, and it is this
password that the station also uses in its response.

From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [email protected]
Subject: Re: EAP success with MD5 authentication 
Date: Tue, 15 Feb 2005 12:51:31 -0500
Reply-To: [email protected]

Madhu Dubey <[EMAIL PROTECTED]> wrote:

> But as per RFC 2869, response to Access challenge should contain User
> password as the user-response.
> 

>       "If the NAS supports challenge/response, receipt of a valid



  There is no such text in RFC 2869.  I think you're referring to RFC
2865.


> On setting User-Passwd as User response (EAP data), user is not
> matched against the users file entry..



  I have no idea what you mean by that.  The text in RFC 2865 is not
referring to EAP, it's referring to systems like X9.9 token cards.


> rlm_eap_md5: User-Password is required for EAP-MD5 authentication



  You have to tell the server what the "known good" clear-text
password is for the user.  EAP-MD5 uses that "known good" password to
validate the data in the EAP-MD5 packet.


> If it is the encrypted password in users file



  Then EAP-MD5 won't work.


  Alan DeKok.





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
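
The validation discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: the EAP-MD5 response is MD5(Identifier || password || Challenge), so the server can only check it if it holds the clear-text password. All values are constructed, and the SHA-256 hex string is only an assumed stand-in for a one-way hashed entry in the users file.

```python
import hashlib
import hmac


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5(Identifier || password || Challenge), the CHAP construction."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_validate(identifier: int, stored_secret: bytes,
                    challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the digest from what is stored and compare."""
    expected = eap_md5_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    identifier = 7
    challenge = bytes(range(16))
    cleartext = b"testing123"
    # Assumed stand-in for a one-way hashed password entry.
    hashed_entry = hashlib.sha256(cleartext).hexdigest().encode()

    # The station answers the challenge; no User-Password attribute is sent.
    response = eap_md5_response(identifier, cleartext, challenge)
    wrong = eap_md5_response(identifier, b"guess", challenge)

    return {
        "response_len": len(response),
        # Server knows the clear-text password: digest matches.
        "cleartext_stored": server_validate(identifier, cleartext, challenge, response),
        # Server only has a hash: it cannot rebuild the digest, so a
        # correct response from the station is still rejected.
        "hash_stored": server_validate(identifier, hashed_entry, challenge, response),
        # Station used the wrong password.
        "wrong_password": server_validate(identifier, cleartext, challenge, wrong),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```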
