EAP, Cleartext-Password & rlm_perl

Ryan De Kock ryandekock1988 at gmail.com
Fri May 23 13:06:17 CEST 2014


I'm trying to get the cleartext-password so that I can authenticate PEAP
users via sql using my schema and run the current checks etc that I do.

Current config is like this

        peap {

            default_eap_type = gtc
            copy_request_to_tunnel = no
            use_tunneled_reply = no
            virtual_server = "inner-tunnel"

        gtc {
            auth_type = PAP
default_eap_type = peap

authenticate {
    Auth-Type PAP {
    Auth-Type CHAP {
    Auth-Type MS-CHAP {

dot1x #Perl script

when I run radius in debug i see this

++[pap] returns noop
rlm_perl: PERL USERNAME bob
rlm_perl: Added pair User-Name = bob
rlm_perl: Added pair EAP-Message =
rlm_perl: Added pair EAP-Type = MS-CHAP-V2
rlm_perl: Added pair State = 0x644e622a654778ceff71975630b5ff5d
rlm_perl: Added pair FreeRADIUS-Proxied-To =
rlm_perl: Added pair Cleartext-Password = hello
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair Proxy-To-Realm = LOCAL

So the perl script has access to "Cleartext-Password" thanks to GTC I think
but I cant log it in perl. The script literally only does this currently

&radiusd::radlog(1,"PERL USERNAME " . $RAD_REQUEST{'User-Name'});
&radiusd::radlog(1,"PERL PASSWORD " . $RAD_REQUEST{'Cleartext-Password'});

How can I get the Cleartext-Password in rlm_perl?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/94765ad6/attachment-0001.html>

More information about the Freeradius-Users mailing list