upgrade to freeradius 3.0.15 and problem with authorization

Alan Buxey alan.buxey at gmail.com
Mon Sep 18 14:56:47 CEST 2017


post debug.  if NAS is sending that, its fine - its what FR
knows/handles that matters - the warnings you worry about are probably
due to mysql syntax you've ported :/

On 18 September 2017 at 13:22, Anton Kiryushkin <swood at fotofor.biz> wrote:
> Hello.
>
> I've upgraded to 3.0.15 from 2.X and now I have a problem with pap
> authorization.
>
> My users saved in a MySQL with an attribute md5. But, from Cisco ASA I
> receive header User-Password. In a source code I've found next strings:
>
>               case PW_USER_PASSWORD: /* deprecated */
>                         RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
>                         RWDEBUG("!!! Ignoring control:User-Password.
> Update your        !!!");
>                         RWDEBUG("!!! configuration so that the \"known
> good\" clear text !!!");
>                         RWDEBUG("!!! password is in Cleartext-Password and
> NOT in        !!!");
>                         RWDEBUG("!!! User-Password.
>               !!!");
>                         RWDEBUG("!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
>                         break;
>
> Okay. I've found a workaround with unlang and paste it to "authorize"
> section:
>
> if (!control:Cleartext-Password && control:User-Password) {
>   update control {
>     Cleartext-Password := "%{control:User-Password}"
>   }
> }
>
>
> But it doesn't work.
>
> How can I save an encrypted password in MySQL and delete header
> User-Password which I receive from Cisco ASA (I can't modify software on
> the Cisco side)?
>
>
>
> --
> Best regards,
> Anton Kiryushkin
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list