OK...Thanks my head feels better now. So then if I could just ask one more question. Am I able to use sql to authenticate users via eap? if so, is it possible to use a custom schema? I just wondering because if I don't know the password of the user, how can I authenticate it against sql? On 23 May 2014 13:34, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 23/05/14 12:06, Ryan De Kock wrote:
So the perl script has access to "Cleartext-Password" thanks to GTC I
think but I cant log it in perl. The script literally only does this currently
I think you have misunderstood how this all works.
"Cleartext-Password" is a *control* item that you set, by lookup in files/ldap/sql.
It isn't sent by the client.
*If* the client is doing a plaintext EAP inner - EAP-TTLS/PAP or PEAP/GTC - then the password the clients sends will, in the right packet in the inner-tunnel, be in the "User-Password" attribute.
And as Alan points out, EAP methods are decided by the client.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html