I can't find where this conditional processing is happing. I have two FR
servers with "nearly" the same config. Auth works on one, but not the other:
Both servers set auth type to MS-CHAP:
"[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok"
Everything is the same up to the "PAP" warning message, then:
- Server that works uses MSCHAP:
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
...
Login OK:
- Server that FAILS:
++? if (!control:Auth-Type)
? Evaluating !(control:Auth-Type) -> FALSE
++? if (!control:Auth-Type) -> FALSE
Found Auth-Type = ntlm_auth
+- entering group authenticate {...}
...
Login incorrect:
Ignore why ntlm_auth is failing - I'll figure that out later if needed. What I
need to know is WHY it's not just using MSCHAP like the working server and
doing some conditional processing to set the Auth-Type? I checked "all" the
conf files I can think of and can't seem to find this... Any clues would be
appreciated.
Thanks!
Gary
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in
1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
