2.1.12 potential problem...
James J J Hooper
jjj.hooper at bristol.ac.uk
Fri Sep 16 22:45:39 CEST 2011
>> Don't do that.
>>
>> Instead, don't reject the in the first place. For example:
>>
>> authorize {
>>
>> ...
>>
>> sql
>> if (notfound) {
>> update control {
>> Auth-Type := Accept
>> }
>> }
>>
>> }
>
> Above won't work since:
> https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8
>
> -James
https://github.com/alandekok/freeradius-server/commit/1a00da
In fact this dictionary change breaks other stuff too, e.g. below:
[vpieap] Request found, released from the list
[vpieap] EAP/mschapv2
[vpieap] processing type mschapv2
[mschapv2] WARNING: Unknown value specified for Auth-Type. Cannot
perform requested action.
[mschapv2] # Executing group from file
/usr/local/etc/raddb/sites-enabled/vpi-inner
[vpieap] Freeing handler
++[vpieap] returns reject
Failed to authenticate the user.
and e.g:
grep -R 'pairmake("Auth-Type", "' freeradius-server/src/*
freeradius-server/src/modules/rlm_chap/rlm_chap.c: pairmake("Auth-Type",
"CHAP", T_OP_EQ));
freeradius-server/src/modules/rlm_digest/rlm_digest.c:
pairmake("Auth-Type", "DIGEST", T_OP_EQ));
-James
More information about the Freeradius-Users
mailing list