[RADIATOR] AuthByFreeRaidusSQL and EAP authentication

[Heikki Vatiainen]

On 4.8.2020 17.52, Brandon Shiers wrote:

> Tue Aug  4 08:32:27 2020: DEBUG: Radius::AuthFREERADIUSSQL REJECT: Check item ClearText-Password expression 'testpass' does not match '' in request: testuser [testuser]
> Tue Aug  4 08:32:27 2020: DEBUG: AuthBy FREERADIUSSQL result: REJECT, Check item ClearText-Password expression 'testpass' does not match '' in request
> Tue Aug  4 08:32:27 2020: INFO: Access rejected for testuser: Check item ClearText-Password expression 'testpass' does not match '' in request

Do you think you could change all occurences of ClearText-Password to 
User-Password in the DB?

What happens now is that Radiator sees ClearText-Password check item and 
tries to match its value against an attribute in the request that has 
exactly the same name, upper/lower case included.

Because there's no such attribute in the request, the check fails. Also, 
I think the FreeRADIUS attribute is named Cleartext-Password. Note the 
different case.

The next Radiator release has an option to match Cleartext-Password 
against User-Password in request, but that's not possible with 4.24 
release yet.

> When I use the same values and switch to a flat file the authentication works.  Any ideas on what I'm doing wrong?  The radio is also not accepting any of the Cambium attributes but Cambium-Canopy-Gateway and Cambium-Canopy-ConfigFileImportURL even though I have the vendor attributes loaded up in my config file.

How did you load them? If you can pass me the attribute definitions, I 
can check the syntax and the definitions.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.