freeradius_1.1.7 + AP_Cisco_1130 + PEAP

Enrico Fanti efanti.list at gmail.com
Fri Apr 4 08:33:19 CEST 2008


Hi.

We have changed the query "authorize_check_query" to control the nas ip 
 From where  the client try to connect (AP Cisco).

But in peap messages in radius log we have:

PEAP: Sending tunneled request
        EAP-Message = 
0x020800401a0208003b318a18fbff0c2330a310b06a6febf0d5db0000000000000000ad75c432d46dd4e47b68aad456be91bb7bb4d8ad395d61ba0066616e7469
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "fanti"
        State = 0x4eae7a251d569a2e6a3aedd682ef42ad
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
radius_xlat:  'fanti'
rlm_sql (sql): sql_set_user escaped user --> 'fanti'
radius_xlat:  'select distinct u.id,u.UserName,u.Attribute,u.Value,u.op 
from radcheck u,user_nas un,nas n where u.username=un.user and (un.nas 
is null or un.nas=n.id ) and u.username='fanti' and n.nasname='';'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): User fanti not found in radcheck


Here the NAS-IP-ADDRESS is not present and my query does'nt return any 
row. . The user "fanti" in not allowed to connect our wirless network.

By the configuration file , can I have some tips or tricks to have the 
nas-ip-address is present in this PEAP step or some thing to change this 
PEAP step?

Thank you

enrico


Ivan Kalik ha scritto:
> Nothing can use Crypt-Password and do PEAP. It just can't be done.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 3/4/2008, "Enrico Fanti" <efanti.list at gmail.com> piše:
>
>   
>> Ivan Kalik ha scritto:
>>     
>>> You can't have Crypt-Password and do PEAP:
>>>
>>> http://deployingradius.com/documents/protocols/compatibility.html
>>>
>>> And you should use Cleartext-Password in 1.1.7.
>>>   
>>>       
>> But also in freeradius 2 I can't use  "Crypt-Password and do PEAP" ??
>>
>>
>>
>>     
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>       




More information about the Freeradius-Users mailing list