checkitem problem

Norbert Wegener norbert.wegener at siemens.com
Sat Sep 1 16:38:38 CEST 2007


Alan DeKok wrote:
> Norbert Wegener wrote:
>   
>>>   Yes... because you are telling the server what the clear-text password
>>> is supposed to be.  If you tell the server TWICE, it will say OK twice.
>>>   
>>>       
>> Telling it twice in a check item?
>>     
>
>   Yes.  You told the server what the "known good" password was.
>
>   
>> Please correct me, but my understanding of check items has been, that
>> they have to be in the the access request to match an entry.
>>     
>
>   No.  Read "man users", or the comments at the top of the "users" file.
>
>   The check items hold BOTH the comparison against the original
> password, AND the instructions for how the server should behave.  This
> is BROKEN, because it confuses people.
>
>   2.0 has a more complex configuration.  But it's a LOT easier to
> understand why it works.
>   
Maybe I should have taken a look at unlang before.
Using it solved my problem nearly immediately.

Norbert Wegener

>   
>> The clear-text password is not in the original request. It is added
>> during the processing of that request via ldap.
>>     
>
>   Yes.  So?
>
>   
>> Depending on that value an entry of the users file should match.
>>     
>
>   No.  Read "man users".
>
>   Cleartext-Password is a configuration attribute.  It is NOT an
> attribute that goes into a packet.
>
>   In 2.0.0-pre2, see "man unlang".
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   




More information about the Freeradius-Users mailing list