Hi all,
I encountered a behaviour of rad_check_password in freeradius 0.3, which I
don't understand.
There is a user 'hugo', who has an entry in system's passwd and one entry
in the radius sql database (with different passwords).
The user's entry in raddb/users is:
    hugo    Auth-Type := System
            Reply-Message = "Hello, %u"
It is located before any DEFAULT entries.
Authentication fails when supplying the passwd-password and succeeds
when supplying the sql database-password. Using the passwd-password, the
debug output is:
    rad_check_password: Found Auth-Type System
    auth: type Crypt
    auth: Failed to validate the user.
First of all, the auth_type found by rad_check_password in the
config_items, is System - as expected. But then, in line 258/259 of auth.c
auth_type is overwritten with PW_AUTHTYPE_CRYPT, because freeradius finds
the encrypted password from the sql database in the config_items. (The
same may happen, when the user has a password, encrypted or not, in
raddb/users.) Thus in the switch(auth_type) at line 291ff the wrong case
is selected and the supplied password is checked against the sql password.
May there be a misconfiguration, or is this an intended behaviour? (Why?)
What do I have to do then, to check the supplied password against the
system password?
TIA
Thomas
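
Added example, not part of the original message and not FreeRADIUS source: a simplified C model of the selection order the post describes, next to a hypothetical variant in which an explicit Auth-Type takes precedence. All names and passwords are constructed, and a plain strcmp() stands in for the real crypt/passwd comparison.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the flow described in the post. NOT FreeRADIUS source;
 * every name here is hypothetical, and strcmp() on constructed plaintext
 * stands in for the real crypt()/passwd comparison. */
enum auth_type { AUTH_NONE, AUTH_SYSTEM, AUTH_CRYPT };

struct config_items {
    enum auth_type explicit_type; /* "Auth-Type := System" from raddb/users */
    const char *stored_pw;        /* password item added from sql, or NULL */
};

/* Constructed sample data for user 'hugo'. */
const struct config_items hugo = { AUTH_SYSTEM, "sql-secret" };
const char *hugo_system_pw = "passwd-secret";

/* Selection as the post describes it: a stored password in the
 * config items overwrites the explicitly configured Auth-Type. */
enum auth_type select_described(const struct config_items *c) {
    enum auth_type t = c->explicit_type;
    if (c->stored_pw != NULL) t = AUTH_CRYPT;
    return t;
}

/* Hypothetical alternative for contrast: an explicit Auth-Type wins. */
enum auth_type select_explicit_first(const struct config_items *c) {
    if (c->explicit_type != AUTH_NONE) return c->explicit_type;
    return c->stored_pw != NULL ? AUTH_CRYPT : AUTH_NONE;
}

typedef enum auth_type (*selector_fn)(const struct config_items *);

/* Returns 1 if the supplied password is accepted, 0 otherwise. */
int login(selector_fn pick, const char *supplied) {
    switch (pick(&hugo)) {
    case AUTH_SYSTEM: return strcmp(supplied, hugo_system_pw) == 0;
    case AUTH_CRYPT:  return strcmp(supplied, hugo.stored_pw) == 0;
    default:          return 0; /* unknown type: fail closed */
    }
}

int main(void) {
    printf("described, passwd pw: %d\n", login(select_described, "passwd-secret"));
    printf("described, sql pw:    %d\n", login(select_described, "sql-secret"));
    printf("explicit,  passwd pw: %d\n", login(select_explicit_first, "passwd-secret"));
    printf("explicit,  sql pw:    %d\n", login(select_explicit_first, "sql-secret"));
    return 0;
}
```

With the described order, the credential store that decides the login is whichever one left a password in the config items, not the one named in the users entry.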