"[eap] = reject" after "Calling eap_md5 to process EAP data"

Zeus Panchenko zeus at ibs.dn.ua
Wed Jul 8 07:38:06 CEST 2015


Alan DeKok <aland at deployingradius.com> wrote:
> > why? if not, then what is the way to achieve the desired? to store
> > login/password as FR normalized MAC address and eap_md5 understand that
> > (while User-Name differs)?
> 
>   In general, mangling the User-Name is a bad idea.  It means that the authentication and accounting may have different views of what the user name is.  It means that EAP may not work correctly.  It means that proxying may break.
> 
>   You're better off using a temporary attribute for the "mangled" user name, and leaving User-Name alone.  But in the end it's your system...

ok, I understood the idea and I'm confused even more ... please advise,
what is the possible way to achieve what I described?

to leave User-Name intact and to manage all possibilities in UI to DB
(to manage new user creation or existent ones modification) with account
of the hardware User-Name-representation-types? or it is possible with
some eap_md5 configuration indeed?


-- 
Zeus V. Panchenko				jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150708/ac43376a/attachment.sig>


More information about the Freeradius-Users mailing list