Hopefully quick question: conditional processing sneaking in and setting Auth-Type

Gary Gatten Ggatten at waddell.com
Fri Mar 4 23:56:48 CET 2011

I can't find where this conditional processing is happing.  I have two FR servers with "nearly" the same config.  Auth works on one, but not the other:

Both servers set auth type to MS-CHAP:

"[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok"

Everything is the same up to the "PAP" warning message, then:

 - Server that works uses MSCHAP:

Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
Login OK:

 - Server that FAILS:

++? if (!control:Auth-Type)
? Evaluating !(control:Auth-Type) -> FALSE
++? if (!control:Auth-Type) -> FALSE
Found Auth-Type = ntlm_auth
+- entering group authenticate {...}
Login incorrect:

Ignore why ntlm_auth is failing - I'll figure that out later if needed.  What I need to know is WHY it's not just using MSCHAP like the working server and doing some conditional processing to set the Auth-Type?  I checked "all" the conf files I can think of and can't seem to find this...  Any clues would be appreciated.



<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/baa17d7c/attachment.html>

More information about the Freeradius-Users mailing list