[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Freeradius 1.0 + Cisco 2950 + PAM auth problem
From:       "Alan DeKok" <aland () ox ! org>
Date:       2004-08-31 15:18:53
Message-ID: 20040831151853.3189716CD2 () mail ! nitros9 ! org
[Download RAW message or body]

Bartek Boczkaja <boczek@fen.pl> wrote:
> I have Freeradius 1.0 running on Linux. Users file contains only "Default
> Auth-Type = PAM", Clients file contains my whole subnet. I'd like to use it
> for 802.1x authentication with Cisco 2950 switch.

  It's impossible.

  PAM needs a clear-text password for authentication, and no such
clear-text password exist in EAP.

> Any ideas how to make it work? MacOS X supplicant offers different
> authentication protocols, like: TTLS, TLS, LEAP, PEAP, MD5. Does it have
> something in commont with my problem?

  Give the server a clear-text password, and it can use that to
authenticate the EAP requests.

  And no, you can't use PAM to get clear-text passwords.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]