t...@kalik.net wrote:
Hi I have a problem:

1. The ldap doesn't replace (expand) the calling-station-id to the mac
address, just one time (first)

first time:
[ldap]  expand:
(&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id}))
-> (&(employeeType=TRUE)(cn=test)(macAddress=0000.a8bb.4444))

next time:
[ldap]  expand:
(&(employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id}))
-> (&(employeeType=TRUE)(cn=test)(macAddress=))

no mac address expanded


That's because you haven't copied the request attributes into the
tunnel.

Yes, that was the problem. Thanks.
Sending tunneled request
      EAP-Message = 0x020800090174657374
      FreeRADIUS-Proxied-To = 127.0.0.1
      User-Name = "test"
server  {
+- entering group authorize {...}

Set copy_request_to_tunnel to yes in peap section of eap.conf.

2. If I use EAP-PEAP + LDAP (cleartext password), everything works.

I would seriously doubt that. Same setting applies.

It works,
win xp client - wifi access
cisco ap
radius: def auth type : peap
ldap: store the password in cleartext.

(it will stay)
but I want to store the password in md5 format in the ldap

You can't. PEAP can't work with md-5 passwords.

What do I have to
change, what is the solution?

There isn't one. It can't be done.

http://deployingradius.com/documents/protocols/compatibility.html

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have one more question, and I have found nothing with Google.

I have to use the dictionary.cisco.vpn3000, but if I uncomment it I get this
error msg:

including dictionary file /usr/local/etc/raddb/dictionary
Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.cisco.vpn3000[103]: dict_init: /usr/local/share/freeradius/dictionary.cisco.vpn3000[103]: d

I see this
#     The Cisco VPN300 dictionary is the same as the altiga one.
#     You shouldn't use both at the same time.

but I don't know what I can do with this information...

Is cisco.vpn3000 not needed? Is altiga enough?
Or disable altiga (where?) and uncomment vpn3000?


Thank you for the response.

Gabor




