All password checks disabled... ugh

Stefan Winter stefan.winter at
Tue Apr 15 22:02:55 CEST 2014


> Found that it is set in config. My pap module config is really minimal:
>         pap {
>                 auto_header = no
>         }
> It doesn't set normalise, and as per code it then defaults to "yes". So inst->normify should do its job.
> Which means I'm more clueless than before, if that's even possible :-(
> Use GDB and step through?
> It can attach to a running process, especially if you've got a panic action set :)

Might do. Meanwhile, one of the mini things I found while chasing ghosts
is that my "files" instance separates the username and the NT-Password
:= ABCDFOO with *spaces*, while the doc says it need to be tabs.

I see now that that requirement was also in v2 - but it worked there.

My theory is that it might have matched line 22, but not actually picked
up the password; and then by some dubious assumption concluded "nothing
to check, so Accept"?

This doesn't explain why other clients on the same virtual server do
check the NT-Password. Oh well.

Hope that's not it, but... let me know. It's going to be one of the
things to test when back in the office.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Devel mailing list