calling-station-id replace and md5 problem
tnt at kalik.net
tnt at kalik.net
Wed Jan 28 14:30:49 CET 2009
>Hi I have a problem:
>
>1. The ldap don't replace(expand) the calling-station-id to the mac
>address, just one time(first)
>
>first time:
>[ldap] expand:
>(&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id}))
>-> (&(employeeType=TRUE)(cn=test)(macAddress=0000.a8bb.4444))
>
>next time:
>[ldap] expand:
>(&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id}))
>-> (&(employeeType=TRUE)(cn=test)(macAddress=))
>
>no mac address expanded
>
That's because you haven't coppied the request attributes into the
tunnel.
>Sending tunneled request
> EAP-Message = 0x020800090174657374
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "test"
>server {
>+- entering group authorize {...}
Set copy_request_to_tunnel to yes in peap section of eap.conf.
>2. If i use EAP-PEAP + LDAP(cleartext password) works everything.
I would seriously doubt that. Same setting applies.
> but I want to store the password md5 format in the ldap
You can't. PEAP can't work with md-5 passwords.
>what have to
>change, what is the solution?
There isn't one. It can't be done.
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list