Porting ldap module configuration from 2.2.9 to 3.0.15
Stefan Paetow
Stefan.Paetow at jisc.ac.uk
Wed Sep 20 17:46:00 CEST 2017
Hi Olivier,
Have a look in your authorize section... You should have this in your
authorize section too (*after* the 'pap' line, which should be active):
if (&request:User-Password) {
update control {
Auth-Type = ldap
}
}
Note that the operator is '=', not ':='. This means that an Auth-Type is
only set when none exists.
The message about the server no longer authenticating cleartext passwords
in the User-Password attribute only refers to entries in the 'users' file
or other backends (such as databases). AFAIK, RADIUS protocol will always
continue to send User-Password, which the PAP module (and others) will
decode based on what they find in it.
Given that your Access-Request packet does contain User-Password, I
suspect it's the fact that you don't set an Auth-Type with unlang that it
fails.
V3 is much more powerful and flexible (but stricter).
:-)
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT
No. GB 197 0632 86. JiscĀ¹s registered office is: One Castlepark, Tower
Hill, Bristol, BS2 0JA. T 0203 697 5800.
More information about the Freeradius-Users
mailing list