freeradius_1.1.7 + AP_Cisco_1130 + PEAP

Ivan Kalik tnt at kalik.net
Fri Apr 4 10:11:02 CEST 2008 

eap.conf > peap section >

copy_request_to_tunnel = no

change it to yes.

Ivan Kalik
Kalik Informatika ISP


Dana 4/4/2008, "Enrico Fanti" <efanti.list at gmail.com> piše:

>Hi.
>
>We have changed the query "authorize_check_query" to control the nas ip 
> From where  the client try to connect (AP Cisco).
>
>But in peap messages in radius log we have:
>
>PEAP: Sending tunneled request
>        EAP-Message = 
>0x020800401a0208003b318a18fbff0c2330a310b06a6febf0d5db0000000000000000ad75c432d46dd4e47b68aad456be91bb7bb4d8ad395d61ba0066616e7469
>        FreeRADIUS-Proxied-To = 127.0.0.1
>        User-Name = "fanti"
>        State = 0x4eae7a251d569a2e6a3aedd682ef42ad
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 14
>radius_xlat:  'fanti'
>rlm_sql (sql): sql_set_user escaped user --> 'fanti'
>radius_xlat:  'select distinct u.id,u.UserName,u.Attribute,u.Value,u.op 
>from radcheck u,user_nas un,nas n where u.username=un.user and (un.nas 
>is null or un.nas=n.id ) and u.username='fanti' and n.nasname='';'
>rlm_sql (sql): Reserving sql socket id: 0
>rlm_sql (sql): User fanti not found in radcheck
>
>
>Here the NAS-IP-ADDRESS is not present and my query does'nt return any 
>row. . The user "fanti" in not allowed to connect our wirless network.
>
>By the configuration file , can I have some tips or tricks to have the 
>nas-ip-address is present in this PEAP step or some thing to change this 
>PEAP step?
>
>Thank you
>
>enrico
>
>
>Ivan Kalik ha scritto:
>> Nothing can use Crypt-Password and do PEAP. It just can't be done.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 3/4/2008, "Enrico Fanti" <efanti.list at gmail.com> piše:
>>
>>   
>>> Ivan Kalik ha scritto:
>>>     
>>>> You can't have Crypt-Password and do PEAP:
>>>>
>>>> http://deployingradius.com/documents/protocols/compatibility.html
>>>>
>>>> And you should use Cleartext-Password in 1.1.7.
>>>>   
>>>>       
>>> But also in freeradius 2 I can't use  "Crypt-Password and do PEAP" ??
>>>
>>>
>>>
>>>     
>>>> Ivan Kalik
>>>> Kalik Informatika ISP
>>>>
>>>>       
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

More information about the Freeradius-Users mailing list