Stefan Winter wrote:
Found that it is set in config. My pap module config is really minimal: pap { auto_header = no
The auto_header directive has been removed in v3. The User-Password is now always just the password. The Password-With-Header attribute should contain the header.
Might do. Meanwhile, one of the mini things I found while chasing ghosts is that my "files" instance separates the username and the NT-Password := ABCDFOO with *spaces*, while the doc says it need to be tabs.
Both spaces and tabs are accepted. The "users" file parsing code hasn't changed in v3.
My theory is that it might have matched line 22, but not actually picked up the password; and then by some dubious assumption concluded "nothing to check, so Accept"?
No. If there's no Cleartext-Password, it should default to rejecting the request.
This doesn't explain why other clients on the same virtual server do check the NT-Password. Oh well.
No idea. Alan DeKok.