(RADIATOR) EAP-MD5 with XP

Tom Rixom tom.rixom at alfa-ariss.com
Wed May 29 03:13:12 CDT 2002


That was just the thing I needed.

It works perfectly.

Thanks!

Tom

-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au]
Sent: Wednesday, May 29, 2002 9:57 AM
To: Tom Rixom; hugh at open.com.au; radiator at open.com.au
Subject: Re: (RADIATOR) EAP-MD5 with XP


Hi Tom,


On Wed, 29 May 2002 17:43, Tom Rixom wrote:
> Hi,
>
> I am using the Windows XP client and the Funk Odyssey Client (under Windows
> 2000).
>
> Both have the same problem. The NAS is a Cisco 350 Access Point.
> The NAS just says Authentication Failed.
>
> I noticed in the log files that when the Client responds I get an error:
> Radius:AuthFILE REJECT: Check Item Service-Type expression 'Framed-User'
> does not match '' in request.

Hmmm, I think thats the problem.
The user fred in your user file has a check item for Service-Type.

Suggest you remove that so the entry for fred is:

fred	User-Password = "fred"




>
> btw. Do I understand correctly that EAP-MD5 does not use dynamic keys?

You are talking about wireless?
Yes, that is my understanding: static WEP keys only.

Cheers.

>
> Thanx,
>
> Tom.
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Wednesday, May 29, 2002 12:02 AM
> To: Tom Rixom; hugh at open.com.au; radiator at open.com.au
> Subject: Re: (RADIATOR) EAP-MD5 with XP
>
>
> Hello Tom,
>
> that all looks OK.
> What is the upstream NAS?
> What type of client is it?
> Are you able to turn on debug in the NAS and observe what it thinks about
> the problem?
>
> Cheers.
>
> On Tue, 28 May 2002 22:59, Tom Rixom wrote:
> > Hello,
> >
> > I attached the output (tom) and the sample users file (users) and config
> > file (ut.cfg).
> >
> > I have changed nothing in the user file. (probably the problem ;))
> >
> > I addedd the EAP type to the config file.
> >
> > Tom
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Tuesday, May 28, 2002 2:34 PM
> > To: hugh at open.com.au; Tom Rixom; radiator at open.com.au
> > Subject: Re: (RADIATOR) EAP-MD5 with XP
> >
> > On Tue, 28 May 2002 22:02, Hugh Irvine wrote:
> > > Hello Tom -
> > >
> > > I have copied this mail to Mike, as he has been doing a lot of work in
> > > this area recently.
> > >
> > > In the meantime I suggest you download Radiator 3.1, plus the patches
> > > which have additional EAP support in them.
> > >
> > > Mike will undoubtedly have additional comments.
> >
> > Yes....
> > EAP MD5-Challenge requires that the user database have a User-Password
> > check item containing the plaintext password. It must be User-Password
> > and not Password (ie the spelling of the check item is important)
> >
> > There were somwe patches and fixes to EAP in 3.0 and 3.1, plus subsequent
> > patches. As Hugh says it would probably be best to upgrade. I cant think
> > of any issues that would stop 2.19 working with EAP M5, but I may be
> > wrong.
> >
> > Further than that , we would need to see a Trace level 4 log file.
> >
> > Cheers.
> >
> > > regards
> > >
> > > Hugh
> > >
> > > On Tue, 28 May 2002 20:52, Tom Rixom wrote:
> > > > Hello,
> > > >
> > > > I am trying to get Radiator to run using EAP-MD5 with a Windows XP
> > > > client and a Cisco 350 WLAN AP.
> > > >
> > > > I am not yet familliar with Radiator yet, but I would like to get
> > > > EAP-MD5 up and running as fast as possible.
> > > >
> > > > I used the test programs and it checked out fine.
> > > >
> > > > To test EAP-MD5 I:
> > > >
> > > > - used the simple.cfg file with an extra addition: EAPType
> > > > MD5-Challenge. - used the sample user file as the user database.
> > > >
> > > > I tried to log on using: username fred, password fred.
> > > >
> > > > When I connected using the Windows XP client Radiator received the
> > > > access-request packet, looked in the user db and then sent an
> > > > access-challenge. Windows XP however then responded with an
> > > > access-request packet again... instead of the access-response.
> > > >
> > > > Is their something I need to change in the sample user database file
> > > > to allow it to work with EAP?
> > > >
> > > > Best Regards,
> > > >
> > > > Tom Rixom
> > > >
> > > > Alfa & Ariss
> > > > Network Security Solutions
> > > > www.alfa-ariss.com
> > > >
> > > > Lansinkesweg 4-226
> > > > 7553 AE Hengelo Ov
> > > > PO Box 960-35
> > > > 7550 AZ Hengelo Ov
> > > > The Netherlands
> > > >
> > > > Tel: +31 (0)74 2555 636
> > > > Fax: +31 (0)74 2555 638
> > > > E-mail: tom.rixom at alfa-ariss.com
> > > >
> > > > ===
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list