freeradius_1.1.7 + AP_Cisco_1130 + PEAP

Enrico Fanti efanti.list at gmail.com
Fri Apr 4 11:06:51 CEST 2008


I tried.

Now my eap.conf  > peap section is:

peap {
                        default_eap_type = mschapv2

                       
                        copy_request_to_tunnel = yes
                       
                }


It works now.

Thank you

enrico




Ivan Kalik ha scritto:
> eap.conf > peap section >
>
> copy_request_to_tunnel = no
>
> change it to yes.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 4/4/2008, "Enrico Fanti" <efanti.list at gmail.com> piše:
>
>   
>> Hi.
>>
>> We have changed the query "authorize_check_query" to control the nas ip 
>> From where  the client try to connect (AP Cisco).
>>
>> But in peap messages in radius log we have:
>>
>> PEAP: Sending tunneled request
>>        EAP-Message = 
>> 0x020800401a0208003b318a18fbff0c2330a310b06a6febf0d5db0000000000000000ad75c432d46dd4e47b68aad456be91bb7bb4d8ad395d61ba0066616e7469
>>        FreeRADIUS-Proxied-To = 127.0.0.1
>>        User-Name = "fanti"
>>        State = 0x4eae7a251d569a2e6a3aedd682ef42ad
>>  Processing the authorize section of radiusd.conf
>> modcall: entering group authorize for request 14
>> radius_xlat:  'fanti'
>> rlm_sql (sql): sql_set_user escaped user --> 'fanti'
>> radius_xlat:  'select distinct u.id,u.UserName,u.Attribute,u.Value,u.op 
>>     
> >from radcheck u,user_nas un,nas n where u.username=un.user and (un.nas 
>   
>> is null or un.nas=n.id ) and u.username='fanti' and n.nasname='';'
>> rlm_sql (sql): Reserving sql socket id: 0
>> rlm_sql (sql): User fanti not found in radcheck
>>
>>
>> Here the NAS-IP-ADDRESS is not present and my query does'nt return any 
>> row. . The user "fanti" in not allowed to connect our wirless network.
>>
>> By the configuration file , can I have some tips or tricks to have the 
>> nas-ip-address is present in this PEAP step or some thing to change this 
>> PEAP step?
>>
>> Thank you
>>
>> enrico
>>
>>
>> Ivan Kalik ha scritto:
>>     
>>> Nothing can use Crypt-Password and do PEAP. It just can't be done.
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>> Dana 3/4/2008, "Enrico Fanti" <efanti.list at gmail.com> piše:
>>>
>>>   
>>>       
>>>> Ivan Kalik ha scritto:
>>>>     
>>>>         
>>>>> You can't have Crypt-Password and do PEAP:
>>>>>
>>>>> http://deployingradius.com/documents/protocols/compatibility.html
>>>>>
>>>>> And you should use Cleartext-Password in 1.1.7.
>>>>>   
>>>>>       
>>>>>           
>>>> But also in freeradius 2 I can't use  "Crypt-Password and do PEAP" ??
>>>>
>>>>
>>>>
>>>>     
>>>>         
>>>>> Ivan Kalik
>>>>> Kalik Informatika ISP
>>>>>
>>>>>       
>>>>>           
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>     
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>   




More information about the Freeradius-Users mailing list