> At the moment I am testing with PAP. 

Ok. Because it will only ever work with PAP.

> What do you mean with 'the md5 xlat'. 

xlat are placeholders in strings, usually used for substituting attribute 
values, for example:

update reply {
        Reply-Message := "Hello %{User-Name}"
}

The %{User-Name} is an xlat expansion.

The xlat expansion "%{md5:<text>}" expands to an md5 hash of <text>. So you 
have something like:

# Compare the MD5 of "password:salt" with the hash stored in the database
if ("%{md5:%{User-Password}:%{Salt}}" == "%{<database password>}") {
        update control {
                Auth-Type := Accept
        }
}

There's also an %{sql:<text>} xlat, which executes the <text> portion as a 
query and expands to the first column of the first row in the result set.

In the above condition you could use the sql xlat in place of %{Salt} and 
%{<database password>} to retrieve the bits of info you need to authenticate 
the user, though it's a little inefficient as you have to query twice.

There are ways to work around the limitations of sql xlat, for example you can 
CONCAT the values of two columns and then break them apart with a regex and 
capture groups. See man unlang.

-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
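
The single-query workaround described in the message above (CONCAT two columns, then split them with a regex and capture groups), as an added example that is not part of the original post or of FreeRADIUS's shipped configuration. The table `radusers` and its columns `username`, `pw_hash` and `salt` are hypothetical, and the stored hash is assumed to be the lowercase hex MD5 of "<password>:<salt>", matching the condition in the message.

```unlang
# Added example: belongs in the authorize section of a virtual server.
# Hypothetical schema: radusers(username, pw_hash, salt), where pw_hash
# holds lowercase hex md5("<password>:<salt>") (assumption).
authorize {
        # One query returns "<hash>:<salt>". The hash goes first because hex
        # never contains ':', so the split stays unambiguous even if the
        # salt does. Attributes expanded inside %{sql:...} are escaped by
        # the sql module before the query is run.
        if ("%{sql:SELECT CONCAT(pw_hash, ':', salt) FROM radusers WHERE username = '%{User-Name}'}" =~ /^([0-9a-f]+):(.*)$/) {
                # %{1} = stored hash, %{2} = salt. Use them right away:
                # the next regex match overwrites the capture groups.
                if ("%{md5:%{User-Password}:%{2}}" == "%{1}") {
                        update control {
                                Auth-Type := Accept
                        }
                }
                else {
                        # "reject" is the always-reject module instance
                        # from the default configuration.
                        reject
                }
        }
        # No row for this user: the regex does not match, nothing is set,
        # and the request falls through to the rest of authorize.
}
```

As the message says, this only works with PAP, because the comparison needs the cleartext User-Password.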
