checkitem problem
Norbert Wegener
norbert.wegener at siemens.com
Sat Sep 1 16:38:38 CEST 2007
Alan DeKok wrote:
> Norbert Wegener wrote:
>
>>> Yes... because you are telling the server what the clear-text password
>>> is supposed to be. If you tell the server TWICE, it will say OK twice.
>>>
>>>
>> Telling it twice in a check item?
>>
>
> Yes. You told the server what the "known good" password was.
>
>
>> Please correct me, but my understanding of check items has been, that
>> they have to be in the the access request to match an entry.
>>
>
> No. Read "man users", or the comments at the top of the "users" file.
>
> The check items hold BOTH the comparison against the original
> password, AND the instructions for how the server should behave. This
> is BROKEN, because it confuses people.
>
> 2.0 has a more complex configuration. But it's a LOT easier to
> understand why it works.
>
Maybe I should have taken a look at unlang before.
Using it solved my problem nearly immediately.
Norbert Wegener
>
>> The clear-text password is not in the original request. It is added
>> during the processing of that request via ldap.
>>
>
> Yes. So?
>
>
>> Depending on that value an entry of the users file should match.
>>
>
> No. Read "man users".
>
> Cleartext-Password is a configuration attribute. It is NOT an
> attribute that goes into a packet.
>
> In 2.0.0-pre2, see "man unlang".
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list