hi, heres one for a wednesday morning.
we have a system that we've been done plain authorizations via FreeRADIUS - the device sends the following RADIUS request username: userid password: userid (ie the system sends the username and makes the password the same) okay. fair enough....a bit of unlang and a check that if the username = password then set the Auth-Type to something false et voila. all okay. it has now been decided to also do authentication via RADIUS and this is where things get messy. by removing the Auth-Type kludge, we can successfully authenticate a real user with their real password.... however, the authorization now fails because the device still sends username/password with the password the same as the username - this now hits the FreeRADIUS server which cannot find a valid Auth-Type for the user and thus fails authentication and therefore sends back a 'blurgh' to the box requesting authorization. this is to be expected because there is nothing in the request to distoniguish between an authorization request and an authentication request. so the question is, how do we handle this so that the system can send a username=password for authorization AND a proper authentication can happen WITHOUT (hers a gotcha) the user doing something cute like putting their username in as their password! ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
