PEAP with sql - plain Identity

Norbert Grochal norboro at
Wed Feb 8 15:39:46 CET 2006

In 'Ralink Wireless Utility' -> '802.1x Setting'
I can choose 'PEAP' and foll 3 fields (with my example values):
1. Identyty = myidentyty
2. Login = mylogin
3. Password = mypass

(I set protocol as EAP-MSCHAP v2)

in freeradius users file I can write:

mylogin Auth-Type = EAP, User-Password := "mypassword"

So identity can by any word. I hope mylogin and mypassword is sent to radius encrypted, not as plain text.

But when I clear the users file and use sql I have a recerd in radcheck table:

id    UserName    Attribute            op     Value             ... (other fields)
1     mylogin        User-Password   ==    mypassword   ... (other values)

and in "Ralink...' I MUST (?) set (Identity = Login = mylogin) and Password = mypassword to be authorized in freeradius.

But isn't Identity sent as clear text ???
I want to set Identity as Client Name, not as his login, is it possible?
SQL queries check User-Name attribute and *I don't know how* put it to rlm_eap_peap and it says: Tunneled data is valid. (...) Success.
But I don't want to login be equals to identity... 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list