Setting up freeradius to work with cisco aironet accesspoints in a custom environment

Mario Lipinski mario.lipinski at
Tue Jul 26 17:43:08 CEST 2005


Am Montag, den 25.07.2005, 12:57 -0400 schrieb Alan DeKok:
> "Mario Lipinski" <mario.lipinski at> wrote:
> > Can i do LEAP with Samba-Passwords (which are also stored in the db)?
>   Yes.
> > I think this should work in general but not with the MSChapv2
> > implementation in FreeRadius. Is there any way?
>   It works.

It does, now. :)
Needed to use the ":=" operator and prepend "0x" to the NT-Password
value. Also got it configured to work with my database structure.

> > OK. Thats all that my writing is about. I don't know how to really get
> > away from the sample layout. For example how to distinguish between
> > MAC-Address and EAP authentication requests.
>   Read the debug log.  You have the information in front of you.  I
> don't have access to your system, so it wouild be inappropriate of me
> to guess.

I am attaching two requests taken from the debug log.
The first one is the request for the MAC-Address Authentication, the
second one is the one for LEAP authentication (works, eap messages were
cut since they might contain real user information, dunno).

For the MAC-Address stuff i need to lookup the things in another
database. I know i can define different sql spaces with "sql name" in
the configs. But how to decide, which table use for the lookup.

Both requests are of the type "Login-User". The only difference is, that
the MAC-Address authentication request contains the "User-Password"
attribute. I read much about comparing the values of the attributes, but
how to check for their existence? If there is no better way, i might use
a regex matching [0-9a-f]{12} - should work?

How do i write it in the config to use "sql a" when the regex matches
and to use "sql b" if not?

I hope i provided all information needed to get a quick and clear answer
this time.

Mario Lipinski              VOIP:     +49 511 696045510
Systemadministration        Fax:      +49 721 151-207196
Gymnasium Salzgitter-Bad    E-Mail:   mario.lipinski at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-leap+mac.log
Type: text/x-log
Size: 865 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the Freeradius-Users mailing list