EAP, Cleartext-Password & rlm_perl

Ryan De Kock ryandekock1988 at gmail.com
Fri May 23 13:41:04 CEST 2014

OK...Thanks my head feels better now.

So then if I could just ask one more question. Am I able to use sql to
authenticate users via eap? if so, is it possible to use a custom schema? I
just wondering because if I don't know the password of the user, how can I
authenticate it against sql?

On 23 May 2014 13:34, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> On 23/05/14 12:06, Ryan De Kock wrote:
>  So the perl script has access to "Cleartext-Password" thanks to GTC I
>> think but I cant log it in perl. The script literally only does this
>> currently
> I think you have misunderstood how this all works.
> "Cleartext-Password" is a *control* item that you set, by lookup in
> files/ldap/sql.
> It isn't sent by the client.
> *If* the client is doing a plaintext EAP inner - EAP-TTLS/PAP or PEAP/GTC
> - then the password the clients sends will, in the right packet in the
> inner-tunnel, be in the "User-Password" attribute.
> And as Alan points out, EAP methods are decided by the client.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/89752828/attachment-0001.html>

More information about the Freeradius-Users mailing list