Unlang Question/Problem
Alan DeKok
aland at deployingradius.com
Wed Aug 19 09:35:06 CEST 2009
Garber, Neal wrote:
> I’m running FR 2.1.6 with patches to rlm_mschap & rlm_eap_mschapv2 to
> correct a problem with case-sensitive userids.
Ok...
> First, if I didn’t include “updated” after the “update request” actions,
> then it would return reject. Is that normal (I didn’t call a module in
> there)?
Yes... it goes back to historical behavior, and the default return
codes when the "authenticate" section is being processed.
> Should the unlang be outside of the “Auth-Type MS-CHAP” block?
No. It MUST be inside.
> Also, Ntlm-Auth-Username is expanded, there’s a “[request] returns
> reject”. I think this is the source of the problem, but I don’t
> understand where the reject is coming from.
Hm... I'm not sure, either.
> The mschap module that
> follows returns OK, but the subsequent eap-comodo module returns reject
> with no explanation in the debug. Do I need something like:
No, that won't help.
It looks like the EAP-MSCHAPv2 module is either NOT being run, or
something else isn't generating an appropriate EAP packet as a reply.
That's why the eap-comodo module returns reject.
I suggest starting off with a *simpler* configuration. Much of that
"unlang" could be put into the "authorize" section, I think.
Alan DeKok.
Alan DeKok.
More information about the Freeradius-Users
mailing list