freeradius_1.1.7 + AP_Cisco_1130 + PEAP
Enrico Fanti
efanti.list at gmail.com
Fri Apr 4 08:33:19 CEST 2008
Hi.
We have changed the query "authorize_check_query" to control the nas ip
From where the client try to connect (AP Cisco).
But in peap messages in radius log we have:
PEAP: Sending tunneled request
EAP-Message =
0x020800401a0208003b318a18fbff0c2330a310b06a6febf0d5db0000000000000000ad75c432d46dd4e47b68aad456be91bb7bb4d8ad395d61ba0066616e7469
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "fanti"
State = 0x4eae7a251d569a2e6a3aedd682ef42ad
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
radius_xlat: 'fanti'
rlm_sql (sql): sql_set_user escaped user --> 'fanti'
radius_xlat: 'select distinct u.id,u.UserName,u.Attribute,u.Value,u.op
from radcheck u,user_nas un,nas n where u.username=un.user and (un.nas
is null or un.nas=n.id ) and u.username='fanti' and n.nasname='';'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): User fanti not found in radcheck
Here the NAS-IP-ADDRESS is not present and my query does'nt return any
row. . The user "fanti" in not allowed to connect our wirless network.
By the configuration file , can I have some tips or tricks to have the
nas-ip-address is present in this PEAP step or some thing to change this
PEAP step?
Thank you
enrico
Ivan Kalik ha scritto:
> Nothing can use Crypt-Password and do PEAP. It just can't be done.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 3/4/2008, "Enrico Fanti" <efanti.list at gmail.com> piše:
>
>
>> Ivan Kalik ha scritto:
>>
>>> You can't have Crypt-Password and do PEAP:
>>>
>>> http://deployingradius.com/documents/protocols/compatibility.html
>>>
>>> And you should use Cleartext-Password in 1.1.7.
>>>
>>>
>> But also in freeradius 2 I can't use "Crypt-Password and do PEAP" ??
>>
>>
>>
>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
More information about the Freeradius-Users
mailing list