Security

Reply

heads up on EAP-MD5 with version 6.5

not sure how many people actually use EAP-MD5 but we do and it broke with the upgrade to version 6.5. apparently due to the encrypting of the password of the local user and admin database EAP-MD5 doesn't work anymore as it requires a plain text password for comparing. the alternative in 6.5 is to use the guest user repository or an external LDAP server.

for everyone that is using EAP-MD5 in which identity store do you put your username / password up to now?

Moderator

Re: heads up on EAP-MD5 with version 6.5

I wanted to reply sooner but I've been OOO.

 

I've just had a LONG discussion with DEV about this issue. The short is that we will address this issue in an up-coming release, were actively reviewing solutions to decide what mix of function/feature/security will best work, deploying GUEST accounts is not the solution.

 

I will post back here when we close and I can share more details with you all.

 

 


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.

Re: heads up on EAP-MD5 with version 6.5

thanks Danny, good to see this will be addressed.

Regular Contributor I

Re: heads up on EAP-MD5 with version 6.5

Any update on this? Trying to get ShoreTel phones to auth via 802.1X with EAP-MD5 (auth type of ShoreTel) running 6.5.3.x.

Regards,

Josh
___________
ACMP, ACCP
Moderator

Re: heads up on EAP-MD5 with version 6.5

Josh,

 

The issue we 'intoduced' on 6.5.0, was fixed in 6.5.1.... in the releae notes it refers to 'reversable password'...... this was the crux of this problem.

 

 


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.

Re: heads up on EAP-MD5 with version 6.5

and i can confirm it worked fine for the customer where we had this issue.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: