All password checks disbaled... ugh

Arran Cudbard-Bell a.cudbardb at
Tue Apr 15 21:45:28 CEST 2014

On 15 Apr 2014, at 13:17, Stefan Winter <stefan.winter at> wrote:

> Follow-up to myself,
>> As you see, no proxying (no suffix module at all) nor EAP-Message in the
>> debug log.
> Ah, there is a suffix instance but it does nothing, noop.
>> I have looked at other occasions where NT-Password gets used (e.g. we
>> have a vserver which pulls it out of SQL). I guess I should be seeing
>> that normify() outputs something in the debug output I sent - but not at
>> all. It is hex-encoded though, so the RDEBUG2 inside normify can't
>> possibly be silent.
>> This makes me believe that the NT-Password is not actually evaluated .
>> But then again, the log also says that the line matched, so it should
>> really get going.
>> Wondering about inst->normify - that's inside an if. Maybe it is false,
>> so pw_found is set to true, but the normifying is never done? I also see
>> that instantiate() does not set inst->normify. Does it have to? Not good
>> enough in C to answer this.
> Found that it is set in config. My pap module config is really minimal:
>         pap {
>                 auto_header = no
>         }
> It doesn't set normalise, and as per code it then defaults to "yes". So inst->normify should do its job.
> Which means I'm more clueless than before, if that's even possible :-(

Use GDB and step through?

It can attach to a running process, especially if you've got a panic action set :)

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Devel mailing list