Using %{User-Password} in sql query for mschapv2
Fajar A. Nugraha
list at fajar.net
Sun Apr 1 09:36:07 CEST 2012
IMHO this question should be on freeradius-users, so moving it there.
On Sun, Apr 1, 2012 at 8:30 AM, Oliver <oliver at anonsphere.com> wrote:
> Hi everybody,
>
> I use FreeRADIUS Version 2.1.10 on Debian with OpenVPN and
> xl2tp/openswan and the rlm_sql module. I want to use the user password
> in a sql query in dialup.conf. This works fine with ssh and openvpn
> logins but not with mschapv2. I don't know if the password is really not
> submitted or just not replaced in the sql query.
in mschapv2, the the client doesn't send user's cleartext password.
>
> Is there a simple way to make this work?
For that purpose, you need user's cleartext password. Which means you
can't use chap (or any of its variants). Only use PAP, TTLS-PAP, or
EAP-GTC.
Or change the way your system works so you don't need user's cleartext password.
--
Fajar
More information about the Freeradius-Users
mailing list