Fwd: upgrade to freeradius 3.0.15 and problem with authorization

Anton Kiryushkin swood at fotofor.biz
Mon Sep 18 14:22:30 CEST 2017


Hello.

I've upgraded to 3.0.15 from 2.X and now I have a problem with pap
authorization.

My users saved in a MySQL with an attribute md5. But, from Cisco ASA I
receive header User-Password. In a source code I've found next strings:

              case PW_USER_PASSWORD: /* deprecated */
                        RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
                        RWDEBUG("!!! Ignoring control:User-Password.
Update your        !!!");
                        RWDEBUG("!!! configuration so that the \"known
good\" clear text !!!");
                        RWDEBUG("!!! password is in Cleartext-Password and
NOT in        !!!");
                        RWDEBUG("!!! User-Password.
              !!!");
                        RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
                        break;

Okay. I've found a workaround with unlang and paste it to "authorize"
section:

if (!control:Cleartext-Password && control:User-Password) {
  update control {
    Cleartext-Password := "%{control:User-Password}"
  }
}


But it doesn't work.

How can I save an encrypted password in MySQL and delete header
User-Password which I receive from Cisco ASA (I can't modify software on
the Cisco side)?



-- 
Best regards,
Anton Kiryushkin


More information about the Freeradius-Users mailing list