"Norbert Grochal" <norboro@celpol.pl> wrote:
in freeradius users file I can write:
mylogin Auth-Type = EAP, User-Password := "mypassword"
Please read eap.conf. Setting Auth-Type is NOT recommended.
So identity can by any word. I hope mylogin and mypassword is sent to radius encrypted, not as plain text.
That's what MS-CHAP is.
But when I clear the users file and use sql I have a recerd in radcheck table:
id UserName Attribute op Value ... (other fields) 1 mylogin User-Password == mypassword ... (other values)
Please read the "rlm_sql" documentation. You are *comparing* the passwords via '=='. Since, as you said, the client is sending MS-CHAP, there will be no clear-text password in the request. Therefore, there will be no clear-text password to compare, and the comparison will fail.
But isn't Identity sent as clear text ???
Yes. So?
I want to set Identity as Client Name, not as his login, is it possible?
I think so. I'm not sure what you mean by that, though. Alan DeKok.