Why doesn't := "Always match?"
Paul Long
plong at ipdialog.com
Sat Jul 22 00:40:01 CEST 2006
A man page (http://www.die.net/doc/linux/man/man5/users.5.html) for the
users file says, "Attribute := Value ... Always matches as a check
item..." So does that mean, no matter what the value is, it will always
match the attribute? I don't see that happening. As an experiment, I
have a supplicant in a WiFi phone with user name of "plong" and password
of "123". With the following entry in the users file:
plong Auth-Type = Local, User-Password := "126"
...I assumed it would match even though the value is different; however,
it does not match, and the access request is rejected:
rlm_chap: login attempt by "plong" with CHAP password
rlm_chap: Using clear text password 126 for user plong authentication.
rlm_chap: Pasword check failed
To get it to match, I have to have the correct value:
plong Auth-Type = Local, User-Password := "123"
which results in this debug output:
rlm_chap: login attempt by "plong" with CHAP password
rlm_chap: Using clear text password 123 for user plong authentication.
rlm_chap: chap user plong authenticated succesfully
In fact, := behaves exactly like == in this case. What's the deal? Why
doesn't := "always match?" Am I misunderstanding what it means to "match?"
Paul
More information about the Freeradius-Users
mailing list