t...@kalik.net wrote:
Hi I have a problem:
1. The ldap don't replace(expand) the calling-station-id to the mac
address, just one time(first)
first time:
[ldap] expand:
(&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id}))
-> (&(employeeType=TRUE)(cn=test)(macAddress=0000.a8bb.4444))
next time:
[ldap] expand:
(&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id}))
-> (&(employeeType=TRUE)(cn=test)(macAddress=))
no mac address expanded
That's because you haven't coppied the request attributes into the
tunnel.
Yes, that was the problem. thanks
Sending tunneled request
EAP-Message = 0x020800090174657374
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test"
server {
+- entering group authorize {...}
Set copy_request_to_tunnel to yes in peap section of eap.conf.
2. If i use EAP-PEAP + LDAP(cleartext password) works everything.
I would seriously doubt that. Same setting applies.
I works,
win xp client - wifi access
cisco ap
radius: def auth type : peap
ldap: store the password in cleadtext.
(it will stay)
but I want to store the password md5 format in the ldap
You can't. PEAP can't work with md-5 passwords.
what have to
change, what is the solution?
There isn't one. It can't be done.
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have one more question, and i have find nothing with google.
I have to use the dictionary.cisco.vpn3000, but if I uncomment it I get
this
error msg:
including dictionary file /usr/local/etc/raddb/dictionary
Errors reading dictionary: dict_init:
/usr/local/share/freeradius/dictionary.cisco.vpn3000[103]: dict_init:
/usr/local/share/freeradius/dictionary.cisco.vpn3000[103]: d
I see this
# The Cisco VPN300 dictionary is the same as the altiga one.
# You shouldn't use both at the same time.
but i don't know that can i do with this information...
Not need cisco.vpn3000? altiga enough?
or disable altiga(where?) and uncomment vpn3000?
Thank you for the response.
Gabor
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html