Does freeRADIUS 3 support PostgreSQL 11
Alan DeKok
aland at deployingradius.com
Wed Dec 11 22:27:10 CET 2019
On Dec 11, 2019, at 4:19 PM, Min Wang <Min.Wang at theice.com> wrote:
>
> The shared secret is correct tested with radtest and PostgreSQL 9
Is it correct with PG 11?
And what does the server send back? Reading the debug output helps.
The PG 11 code is online at:
https://github.com/postgres/postgres/blob/master/src/backend/libpq/auth.c#L3346
It looks like it's wrong. :(
i.e. it does the right calculations most of the time. But if the Access-Accept contains a Message-Authenticator attribute, then PostgreSQL code is wrong.
Edit the FR configuration to delete the Message-Authenticator attribute from the reply:
post-auth {
...
if (!EAP-Message) {
update reply {
Message-Authenticator !* ANY
}
}
}
I suspect that will make it work.
Alan DeKok.
More information about the Freeradius-Users
mailing list