On Thu, 18 Mar 2004, Alexei Vasilyev wrote: > I'm trying to make this: > > 1. dialup to access-server with CHAP and Calling-Station-ID checking, > so I have to "compare_check_items = yes". This login in ldap have > cleartext password and CHAP authentication. > 2. from AS i need authentication to cisco pix (cisco vpn client over > IPSec, using other login), but radius checks User-Password with > password in ldap before making LDAP auht: > > Error: Invalid operator for item User-Password: reverting to '==' > > so i have to make this password cleartext too. But it is no good. > > Without "compare_check_items = yes" I can use any hash in ldap for > second login and LDAP authentication by binding ldap-server works > good, but i have no check Calling-Station-ID in dialup. > > So it'll be fine to use hashed password in LDAP for second login. Can > any one help me?
Instead of compare_check_items, you can use the checkval module. It's made just for that. > > -- > Best regards, > Alexei Vasilyev mailto:[EMAIL PROTECTED] > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
