Fwd: upgrade to freeradius 3.0.15 and problem with authorization
Anton Kiryushkin
swood at fotofor.biz
Mon Sep 18 14:22:30 CEST 2017
Hello.
I've upgraded to 3.0.15 from 2.X and now I have a problem with pap
authorization.
My users saved in a MySQL with an attribute md5. But, from Cisco ASA I
receive header User-Password. In a source code I've found next strings:
case PW_USER_PASSWORD: /* deprecated */
RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
RWDEBUG("!!! Ignoring control:User-Password.
Update your !!!");
RWDEBUG("!!! configuration so that the \"known
good\" clear text !!!");
RWDEBUG("!!! password is in Cleartext-Password and
NOT in !!!");
RWDEBUG("!!! User-Password.
!!!");
RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
break;
Okay. I've found a workaround with unlang and paste it to "authorize"
section:
if (!control:Cleartext-Password && control:User-Password) {
update control {
Cleartext-Password := "%{control:User-Password}"
}
}
But it doesn't work.
How can I save an encrypted password in MySQL and delete header
User-Password which I receive from Cisco ASA (I can't modify software on
the Cisco side)?
--
Best regards,
Anton Kiryushkin
More information about the Freeradius-Users
mailing list