calling-station-id replace and md5 problem

tnt at tnt at
Wed Jan 28 14:30:49 CET 2009

>Hi I have a problem:
>1. The ldap don't  replace(expand) the calling-station-id to the mac
>address, just one time(first)
>first time:
>[ldap]  expand:
>-> (&(employeeType=TRUE)(cn=test)(macAddress=0000.a8bb.4444))
>next time:
>[ldap]  expand:
>-> (&(employeeType=TRUE)(cn=test)(macAddress=))
>no mac address expanded

That's because you haven't coppied the request attributes into the

>Sending tunneled request
>       EAP-Message = 0x020800090174657374
>       FreeRADIUS-Proxied-To =
>       User-Name = "test"
>server  {
>+- entering group authorize {...}

Set copy_request_to_tunnel to yes in peap section of eap.conf.

>2. If i use EAP-PEAP + LDAP(cleartext password) works everything.

I would seriously doubt that. Same setting applies.

>  but I want to store the password md5 format in the ldap

You can't. PEAP can't work with md-5 passwords.

>what have to
>change, what is the solution?

There isn't one. It can't be done.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list