post debug. if NAS is sending that, its fine - its what FR knows/handles that matters - the warnings you worry about are probably due to mysql syntax you've ported :/ On 18 September 2017 at 13:22, Anton Kiryushkin <swood@fotofor.biz> wrote:
Hello.
I've upgraded to 3.0.15 from 2.X and now I have a problem with pap authorization.
My users saved in a MySQL with an attribute md5. But, from Cisco ASA I receive header User-Password. In a source code I've found next strings:
case PW_USER_PASSWORD: /* deprecated */ RWDEBUG("!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); RWDEBUG("!!! Ignoring control:User-Password. Update your !!!"); RWDEBUG("!!! configuration so that the \"known good\" clear text !!!"); RWDEBUG("!!! password is in Cleartext-Password and NOT in !!!"); RWDEBUG("!!! User-Password. !!!"); RWDEBUG("!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); break;
Okay. I've found a workaround with unlang and paste it to "authorize" section:
if (!control:Cleartext-Password && control:User-Password) { update control { Cleartext-Password := "%{control:User-Password}" } }
But it doesn't work.
How can I save an encrypted password in MySQL and delete header User-Password which I receive from Cisco ASA (I can't modify software on the Cisco side)?
-- Best regards, Anton Kiryushkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html