Masquerading MSCHAPv2 User-Name?
Alan DeKok
aland at deployingradius.com
Sat Feb 20 12:22:07 CET 2021
On Feb 20, 2021, at 2:16 AM, David Herselman via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Hi Alan,
>
> Changing the key in mods-enabled/files unfortunately results in the group checks then failing. It appears 'Group ==' checks require 'User-Name' to be set. Is this possibly a bug?
No.
The Group attribute does lookups in Unix groups, based on User-Name. This is documented.
If there's no User-Name, then the Group lookups can't happen.
And... if these group lookups are failing, then there's no User-Name in the Access-Request. How does that happen? It's *always* supposed to be included!
Alan DeKok.
More information about the Freeradius-Users
mailing list