Hi, both methods worked: moving into authorize (but after calling the suffix module, which sets Stripped-User-Name), and also the "ok" hack in authenticate.
We chose to move to authorize, as it's more easily understandable.
Thanks for the help!
Greetings,
Stefan Winter
On 09.05.2012 11:17, Stefan Winter wrote:
> Hi,
>
> yet another subtlety I didn't know of... I'm checking with my client
> whether either moving it to authorize or putting the "ok" in front will
> do the trick.
>
> I'll let the list know of the outcome so that the collective list
> intelligence a.k.a. archive will have the answer for later.
>
> Thanks,
>
> Stefan
>
> On 09.05.2012 09:56, Alan DeKok wrote:
>> Stefan Winter wrote:
>>> noone with a hint?
>>
>> Hmm... the default return code for things in the "authenticate"
>> section is "reject". And the "update" sections just pass through the
>> *previous* return code.
>>
>> You might try this as a hack:
>>
>> Auth-Type MS-CHAP {
>> ok
>> if (..) {
>> }
>> else {
>> }
>> mschap
>> }
>>
>> The "ok" at the start will over-ride the default "reject"
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
