Problems with DBM and MS-CHAP - SOLVED!
Alan DeKok
aland at deployingradius.com
Wed Aug 8 17:07:22 CEST 2007
Tom Griffin wrote:
> Since the dbm module was ran before the mschap module, Auth-Type was
> being set to Local as instructed in the DBM user file.
It would have been useful to say that earlier.
The response, as (almost always) is DO NOT SET AUTH-TYPE. Doing so is
almost always wrong.
> As for why this issue is not present in version 1.0.1, I do not know.
> But I would like to see the mschap module do Auth-Type := mschap (using
> colon-equals) so it will ALWAYS use mschap if mschap attributes are
> found, regardless of what any earlier modules have set Auth-Type to.
No.
Another module may be handling the MS-CHAP request, or another
configuration may have accepted / rejected the user. Over-writing what
the administrator configured earlier is bad.
Alan DeKok.
More information about the Freeradius-Users
mailing list