Alan DeKok wrote:
Norbert Wegener wrote:
Yes... because you are telling the server what the clear-text password is supposed to be. If you tell the server TWICE, it will say OK twice.
Telling it twice in a check item?
Yes. You told the server what the "known good" password was.
Please correct me, but my understanding of check items has been, that they have to be in the the access request to match an entry.
No. Read "man users", or the comments at the top of the "users" file.
The check items hold BOTH the comparison against the original password, AND the instructions for how the server should behave. This is BROKEN, because it confuses people.
2.0 has a more complex configuration. But it's a LOT easier to understand why it works.
Maybe I should have taken a look at unlang before. Using it solved my problem nearly immediately. Norbert Wegener
The clear-text password is not in the original request. It is added during the processing of that request via ldap.
Yes. So?
Depending on that value an entry of the users file should match.
No. Read "man users".
Cleartext-Password is a configuration attribute. It is NOT an attribute that goes into a packet.
In 2.0.0-pre2, see "man unlang".
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html