Hello, Am Montag, den 25.07.2005, 12:57 -0400 schrieb Alan DeKok: > "Mario Lipinski" <[EMAIL PROTECTED]> wrote: > > Can i do LEAP with Samba-Passwords (which are also stored in the db)? > > Yes. > > > I think this should work in general but not with the MSChapv2 > > implementation in FreeRadius. Is there any way? > > It works.
It does, now. :)
Needed to use the ":=" operator and prepend "0x" to the NT-Password
value. Also got it configured to work with my database structure.
> > OK. Thats all that my writing is about. I don't know how to really get
> > away from the sample layout. For example how to distinguish between
> > MAC-Address and EAP authentication requests.
>
> Read the debug log. You have the information in front of you. I
> don't have access to your system, so it wouild be inappropriate of me
> to guess.
I am attaching two requests taken from the debug log.
The first one is the request for the MAC-Address Authentication, the
second one is the one for LEAP authentication (works, eap messages were
cut since they might contain real user information, dunno).
For the MAC-Address stuff i need to lookup the things in another
database. I know i can define different sql spaces with "sql name" in
the configs. But how to decide, which table use for the lookup.
Both requests are of the type "Login-User". The only difference is, that
the MAC-Address authentication request contains the "User-Password"
attribute. I read much about comparing the values of the attributes, but
how to check for their existence? If there is no better way, i might use
a regex matching [0-9a-f]{12} - should work?
How do i write it in the config to use "sql a" when the regex matches
and to use "sql b" if not?
I hope i provided all information needed to get a quick and clear answer
this time.
Thanks,
--
Mario Lipinski VOIP: +49 511 696045510
Systemadministration Fax: +49 721 151-207196
Gymnasium Salzgitter-Bad E-Mail: [EMAIL PROTECTED]
Internet: http://www.gymszbad.de
rad_recv: Access-Request packet from host 172.21.1.3:1645, id=111, length=114 User-Name = "000e352af0fd" User-Password = "000e352af0fd" Called-Station-Id = "0011.92f8.9c10" Calling-Station-Id = "000e.352a.f0fd" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 294 NAS-IP-Address = 172.21.1.3 NAS-Identifier = "ap03" [...] Login incorrect: [000e352af0fd] (from client ap port 294 cli 000e.352a.f0fd) rad_recv: Access-Request packet from host 172.21.1.3:1645, id=112, length=121 User-Name = "law" Framed-MTU = 1400 Called-Station-Id = "0011.92f8.9c10" Calling-Station-Id = "000e.352a.f0fd" Service-Type = Login-User Message-Authenticator = 0xdeadbeef08151337... EAP-Message = 0x0815deadbeef1337... NAS-Port-Type = Wireless-802.11 NAS-Port = 294 NAS-IP-Address = 172.21.1.3 NAS-Identifier = "ap03"
signature.asc
Description: This is a digitally signed message part
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
