As far as I understand your config files, you want to use MD5.
So the question are:
- is the client really sending MD5 hashes (or is it sending NT hashes
for example)
- can PAM handle it?
- has PAM access to the password in MD5 or in clear to be able to
check against it?
I hope that my hints could bring you forward.
Have a nice day!
PS.: personally what I find curious is that there is no "ttls" in the
log, except at initialization of radiusd.
Am 11.06.2008 um 20:47 schrieb sth:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[...]
I did see mention of a similar symptom in my searches, and a few
(including this one[2]) suggested that a fix was forthcoming in 1.1.5.
By way of attempting this, I tried rolling my own 2.0.5 instance of
FR,
but it had the same problem.
Alan's post here[3] indicates, "It needs a password." What I'm not
clear
on is _what_ needs a password: is the client not sending it, or
does the
FR server not have access to the backend against which it should be
verifying the password incoming from the client? If the client is not
sending it, how might I go about ascertaining why?
In any case, this seems to be one of the more common errors for people
attempting 802.1x auth via RADIUS, and since there are so many
different
scenarios cited by the posts I'm finding, I hoped that the
knowledgeable
~ among you might analyze and comment on my configuration. I can
provide
further information and diagnostic output upon request.
If at any point it's appropriate for someone to say, "You fool! You
can't have WPA(2) Enterprise authentication for both Mac and Windows!"
please, don't hesitate to do so. ;-)
[...]
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
