Ok, it works, but a new problem emerged.... I have 6 AP´s. One of them send the MAC in the following format: 00-18-E7-41-AD-C2. The others send 0018e741adc2... Here the letters are in lowercase and if changed to uppercase the authentication fails from 5 AP´s. What must I do in radcheck table to work with the 6 AP´s? More details of actual radcheck in MySQL: 1 DEFAULT Fall-Through = Yes 2 guaraldi Calling-Station-Id == 00-18-E7-41-AD-C2 3 guaraldi Cleartext-Password := 123mudar 4 guaraldi Simultaneous-Use := 1 21 DEFAULT Fall-Through = Yes 22 wvcampos Calling-Station-Id == 00-11-95-95-DC-C0 23 wvcampos Cleartext-Password := sprj2009 24 wvcampos Simultaneous-Use := 1 With this config in radcheck table, guaraldi with letters in uppercase and separated by hyphen is fine. Changing MAC to 0018e741adc2 give me authentication reject. XP Clients do 802.1x EAP-PEAP. It works fine. Let me ask, must I enter DEFAULT Fall-Through = Yes to every user in my database or only one entry? The entries above are correct? Best regards, Guaraldi 2009/9/11 Ivan Kalik <tnt@kalik.net>:
Oops!!! Putting my head in the right place... :-)
May I insert in the radcheck table for user guaraldi, password mudar123, MAC 00-18-E7-41-AD-C2 the following lines???
1 DEFAULT Fall-Through = yes 2 guaraldi Cleartext-Password := mudar123 3 guaraldi Calling-Station-Id == 00-18-E7-41-AD-C2 4 guaraldi Simultaneous-Use := 1
And set in the peap section of eap.conf file: copy_request_to_tunnel = yes Is this correct????????????
Yes. You need to copy outer request into the tunnel (sql should alredy be enabled for password to work). You should probably enable "use_tunneled_reply" as well, to get reply attributes into the final reply.
Ivan Kalik Kalik Informatika ISP