upgrade to freeradius 3.0.15 and problem with authorization
Alan Buxey
alan.buxey at gmail.com
Mon Sep 18 14:56:47 CEST 2017
post debug. if NAS is sending that, its fine - its what FR
knows/handles that matters - the warnings you worry about are probably
due to mysql syntax you've ported :/
On 18 September 2017 at 13:22, Anton Kiryushkin <swood at fotofor.biz> wrote:
> Hello.
>
> I've upgraded to 3.0.15 from 2.X and now I have a problem with pap
> authorization.
>
> My users saved in a MySQL with an attribute md5. But, from Cisco ASA I
> receive header User-Password. In a source code I've found next strings:
>
> case PW_USER_PASSWORD: /* deprecated */
> RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
> RWDEBUG("!!! Ignoring control:User-Password.
> Update your !!!");
> RWDEBUG("!!! configuration so that the \"known
> good\" clear text !!!");
> RWDEBUG("!!! password is in Cleartext-Password and
> NOT in !!!");
> RWDEBUG("!!! User-Password.
> !!!");
> RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
> break;
>
> Okay. I've found a workaround with unlang and paste it to "authorize"
> section:
>
> if (!control:Cleartext-Password && control:User-Password) {
> update control {
> Cleartext-Password := "%{control:User-Password}"
> }
> }
>
>
> But it doesn't work.
>
> How can I save an encrypted password in MySQL and delete header
> User-Password which I receive from Cisco ASA (I can't modify software on
> the Cisco side)?
>
>
>
> --
> Best regards,
> Anton Kiryushkin
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list