I'm trying to make this: 1. dialup to access-server with CHAP and Calling-Station-ID checking, so I have to "compare_check_items = yes". This login in ldap have cleartext password and CHAP authentication. 2. from AS i need authentication to cisco pix (cisco vpn client over IPSec, using other login), but radius checks User-Password with password in ldap before making LDAP auht:
Error: Invalid operator for item User-Password: reverting to '==' so i have to make this password cleartext too. But it is no good. Without "compare_check_items = yes" I can use any hash in ldap for second login and LDAP authentication by binding ldap-server works good, but i have no check Calling-Station-ID in dialup. So it'll be fine to use hashed password in LDAP for second login. Can any one help me? -- Best regards, Alexei Vasilyev mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
