Hi I have a problem:
1. The ldap don't replace(expand) the calling-station-id to the mac address, just one time(first)
first time: [ldap] expand: (&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id})) -> (&(employeeType=TRUE)(cn=test)(macAddress=0000.a8bb.4444))
next time: [ldap] expand: (&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id})) -> (&(employeeType=TRUE)(cn=test)(macAddress=))
no mac address expanded
That's because you haven't coppied the request attributes into the tunnel.
Sending tunneled request EAP-Message = 0x020800090174657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test" server { +- entering group authorize {...}
Set copy_request_to_tunnel to yes in peap section of eap.conf.
2. If i use EAP-PEAP + LDAP(cleartext password) works everything.
I would seriously doubt that. Same setting applies.
but I want to store the password md5 format in the ldap
You can't. PEAP can't work with md-5 passwords.
what have to change, what is the solution?
There isn't one. It can't be done. http://deployingradius.com/documents/protocols/compatibility.html Ivan Kalik Kalik Informatika ISP