Cleartext-Password with rlm_sql problem

Alan DeKok aland at deployingradius.com
Tue Apr 3 16:49:27 CEST 2007


Fabio Pedretti wrote:
> Thanks, it works fine, now.
> 
> May ask you what is the rationale behind the change from "==" to ":="?  
> Wasn't ":=" used for _setting_ something, while "==" for _checking_  
> parameters?

  Yes and no.  See "man users" for details.

  "==" is comparing.  Since there's no Cleartext-Password in the
request, you can't use "==".  Also, in CHAP, MS-CHAP, and EAP, there's
no User-Password either, so you can't use "User-Password == ..."

  The solution is to use "Cleartext-Password := ..."  That says
"remember that the known good password is ...".

  The server then figures out how to use that known good password to
authenticate users.

  See "man rlm_pap".  It's pointed to from the README and elsewhere.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list