Cleartext-Password with rlm_sql problem
Alan DeKok
aland at deployingradius.com
Tue Apr 3 16:49:27 CEST 2007
Fabio Pedretti wrote:
> Thanks, it works fine, now.
>
> May ask you what is the rationale behind the change from "==" to ":="?
> Wasn't ":=" used for _setting_ something, while "==" for _checking_
> parameters?
Yes and no. See "man users" for details.
"==" is comparing. Since there's no Cleartext-Password in the
request, you can't use "==". Also, in CHAP, MS-CHAP, and EAP, there's
no User-Password either, so you can't use "User-Password == ..."
The solution is to use "Cleartext-Password := ..." That says
"remember that the known good password is ...".
The server then figures out how to use that known good password to
authenticate users.
See "man rlm_pap". It's pointed to from the README and elsewhere.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list