OK...Thanks my head feels better now.

So then if I could just ask one more question. Am I able to use sql to authenticate users via eap? if so, is it possible to use a custom schema? I just wondering because if I don't know the password of the user, how can I authenticate it against sql?




On 23 May 2014 13:34, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 23/05/14 12:06, Ryan De Kock wrote:

So the perl script has access to "Cleartext-Password" thanks to GTC I
think but I cant log it in perl. The script literally only does this
currently

I think you have misunderstood how this all works.

"Cleartext-Password" is a *control* item that you set, by lookup in files/ldap/sql.

It isn't sent by the client.

*If* the client is doing a plaintext EAP inner - EAP-TTLS/PAP or PEAP/GTC - then the password the clients sends will, in the right packet in the inner-tunnel, be in the "User-Password" attribute.

And as Alan points out, EAP methods are decided by the client.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html