(RADIATOR) 3com 5500-SI + Radiator + AuthByLDAP2 + Redhat Directory Server 7.1 + WinXp Supplicant. EAP-MD5 challenge failed
Rogier Krieger
rkrieger at gmail.com
Sun Apr 1 14:03:42 CDT 2007
On 4/1/07, firdauz mokhtar <firdauzm at gmail.com> wrote:
> Below is the output while running Radiator in trace 4.
<snip>
> Thu Mar 22 23:14:18 2007: DEBUG: EAP result: 1, EAP MD5-Challenge failed
Does your user base store passwords in cleartext? If not, try setting
a cleartext password and see if that changes the situation.
Quoting from the reference manual on EAP MD5-Challenge (section 23.1) [1]:
"EAP MD5-Challenge can work with most Radiator AuthBy clauses that
support the retrieval of a plaintext password, such as FILE, DBFILE,
SQL, LDAP etc."
On another note: are you sure you want to use MD5-Challenge as your
EAP type? It's not exactly secure (vulnerable to dictionary attacks on
WLANs, lacking server authentication).
While dependent on your specific situation/requirements, you may want
to consider using TTLS or PEAP instead. Their benefit lies in the
ability to thwart man-in-the-middle attacks by allowing to verify
server certificates.
Cheers,
Rogier
References:
1. Radiator Reference manual - EAP MD5-Challenge
http://www.open.com.au/radiator/ref.html#pgfId=461066
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list