Fabio Pedretti wrote: > Thanks, it works fine, now. > > May ask you what is the rationale behind the change from "==" to ":="? > Wasn't ":=" used for _setting_ something, while "==" for _checking_ > parameters?
Yes and no. See "man users" for details. "==" is comparing. Since there's no Cleartext-Password in the request, you can't use "==". Also, in CHAP, MS-CHAP, and EAP, there's no User-Password either, so you can't use "User-Password == ..." The solution is to use "Cleartext-Password := ..." That says "remember that the known good password is ...". The server then figures out how to use that known good password to authenticate users. See "man rlm_pap". It's pointed to from the README and elsewhere. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
