Digest using an external database for the Password

Alan DeKok aland at deployingradius.com
Tue Apr 30 14:36:29 CEST 2013

Mike Brennan wrote:
> From the previous e-mail I put the sql query in the inner-tunnel (this was
> confirmed by Alan), however, I think this maybe incorrect - I believe it
> should go in the default file (AM I CORRECT?)

  (a) you can wander around making random changes to "fix" things, or

  (b) you can understand what's going on.

  It's not hard.  And no, I'm not going to spoon-feed you.  The answer
is in front of you.  It's in the debug logs you posted.  Have you read
them, looking for "inner-tunnel"?

> The other test fails - see the following two files:
> rfc4590_freeradius_debug and the radiusclient_rfc4590. The authentication
> fails, I suspect that the attributes passed seems to cause FreeRadius to
> reject the authentication. Not sure whether it is the client causing the
> trouble with erroneous setting of the attributes or whether Freeradius is
> interpreting them incorrectly

  FreeRADIUS doesn't implement RFC 4590.  So far as I've seen, no one
else does, either.

> It would be good to get to the bottom of the problem with using RFC 4590 -
> I hope the debug files help. In the debug some fields are set as removed -
> this is what I replaced sensitive information with.

  What client are you using to generate the digest authentication?

  Alan DeKok.

More information about the Freeradius-Users mailing list