Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for EAP-MD5 #10

Open
artooro opened this issue Mar 19, 2018 · 5 comments
Open

add support for EAP-MD5 #10

artooro opened this issue Mar 19, 2018 · 5 comments
Labels
enhancement

Comments

@artooro
Copy link

artooro commented Mar 19, 2018

How much work would it be to add support for EAP-MD5? I was looking to use this in combination with strongswan via eap-radius.
@ghost ghost added the enhancement label Mar 27, 2018
@ghost
Copy link

ghost commented Mar 27, 2018
edited by ghost
Loading

I'm not sure what the scope is. I know support for the EAP-Message attribute needs to be added, but I'd have to do more reading beyond that.

If you have any more details, @artooro, that would definitely help.

@seanenck
Copy link

I experimented very briefly using this library to try and do some EAP things (which I recognized was not supported here but I was willing to go down a path of implementation) and looked at some "prior art" in other go-based radius/eap libraries just to see if I could get anywhere (I was looking at EAP+ multiple things/pretty much any options like EAP+PWD). I know enough about EAP-Message(ing) to realize I was immediately going to have to spend a solid amount of time dealing with it and had to stop (and have nothing to show)

Just for reference I did look at:
https://github.com/bronze1man/radius (+forks)
https://godoc.org/github.com/google/gopacket/layers

we deploy freeradius locally with custom user-management scheme, all here, and I would love to eliminate freeradius and do a specific/custom solution just for our VLAN management/user login (currently using PEAP+phase2=mschapv2).

Just in terms of what I was playing with when using some of the libs/forks/etc.

using wpa_supplicant (for eapol_test), a test.conf file like this

network={
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="<user>"
        password="<password>"
        phase2="autheap=MSCHAPV2"
}

and the command (some of which isn't/wasn't needed for testing the libs but still)

eapol_test -a <radius_server_ip> -c test.conf -s <secret_key> -M <mac>

The above may not all be applicable but it was my "first steps" towards seeing if there was a way to move forward at the time and I couldn't find a good one (not just in go either, I explored some other libraries in other languages) :/

@artooro
Copy link
Author

artooro commented Mar 31, 2018

Yeah I tried implementing it myself as well, but quickly realized (maybe not quick enough) that there's a reason freeradius is the only open source server that supports EAP.
So I wrote a python module for freeradius that handles my use-case as well, interestingly I found your repo when trying to figure out how to get it working, so thanks @enckse

@DatanoiseTV
Copy link

Is there any update on this? I'm trying to use it for 802.1x authentication.

@seanenck seanenck mentioned this issue Jul 19, 2021
Open
@cody0704
Copy link

I implemented the EAP MD5 function, it's quite crude and the code is a bit messy.
I hope someone can test whether the EAP MD5 function is correct, I have tested it myself using eapol_test and it's correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Milestone
No milestone
Development

No branches or pull requests
4 participants
@artooro @seanenck @DatanoiseTV @cody0704