PEAP with sql - plain Identity
Alan DeKok
aland at ox.org
Wed Feb 8 19:32:13 CET 2006
"Norbert Grochal" <norboro at celpol.pl> wrote:
> in freeradius users file I can write:
>
> mylogin Auth-Type = EAP, User-Password := "mypassword"
Please read eap.conf. Setting Auth-Type is NOT recommended.
> So identity can be any word. I hope mylogin and mypassword are sent to
> radius encrypted, not as plain text.
That's what MS-CHAP is.
> But when I clear the users file and use sql I have a record in radcheck
> table:
>
> id UserName Attribute op Value ... (other fields)
> 1 mylogin User-Password == mypassword ... (other values)
Please read the "rlm_sql" documentation. You are *comparing* the
passwords via '=='. Since, as you said, the client is sending
MS-CHAP, there will be no clear-text password in the request.
Therefore, there will be no clear-text password to compare, and the
comparison will fail.
> But isn't Identity sent as clear text ???
Yes. So?
> I want to set Identity as Client Name, not as his login, is it possible?
I think so. I'm not sure what you mean by that, though.
Alan DeKok.
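
The operator difference discussed in the reply, as an added example that is not part of the original post or of the FreeRADIUS project's files. The table layout is an assumption built from the column names quoted in the post, the data is constructed, and ':=' is taken from the users-file entry the poster reported as working.

```sql
-- Assumed minimal radcheck layout, using the column names quoted in the post.
CREATE TABLE radcheck (
  id        INTEGER PRIMARY KEY,
  UserName  VARCHAR(64)  NOT NULL,
  Attribute VARCHAR(64)  NOT NULL,
  op        CHAR(2)      NOT NULL,
  Value     VARCHAR(253) NOT NULL
);

-- Row as posted. '==' is a comparison: the server looks for a User-Password
-- attribute in the request and checks it against 'mypassword'. A PEAP/MS-CHAP
-- request carries no clear-text password, so this check can never match.
INSERT INTO radcheck (id, UserName, Attribute, op, Value)
VALUES (1, 'mylogin', 'User-Password', '==', 'mypassword');

-- Constructed second user that already uses the assignment operator.
INSERT INTO radcheck (id, UserName, Attribute, op, Value)
VALUES (2, 'otherlogin', 'User-Password', ':=', 'otherpassword');

-- Audit: list every password row that compares instead of assigns.
-- With the sample data this returns only the row for 'mylogin'.
SELECT id, UserName, Attribute, op
FROM radcheck
WHERE Attribute = 'User-Password'
  AND op = '==';

-- Correction: ':=' stores the value as the user's known password, mirroring
-- the users-file line  mylogin ... User-Password := "mypassword"  so the
-- MS-CHAP exchange inside PEAP has something to verify the response against.
UPDATE radcheck
SET op = ':='
WHERE Attribute = 'User-Password'
  AND op = '==';

-- Re-running the audit query now returns no rows.
SELECT id, UserName, Attribute, op
FROM radcheck
WHERE Attribute = 'User-Password'
  AND op = '==';
```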