On 28 Jun 2013, at 11:50, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On 28/06/13 08:14, Mathieu Simon wrote:
>
>>> Second, I can't remember if mschap checks the acct control flags in
>>> "authorize"
>>> or "authenticate". If the latter you'll need to move away from using LDAP
>>> bind for auth
>> Hmm, I guess that would require me studying the code :-\
>
> I've just taken a look - sure enough, rlm_mschap only checks/enforces the
> SMB-Account-CTRL attribute during "authenticate {}".
>
> Since your testing auth request was PAP, mschap will never be called for
> this, so you're stuck basically.
Seeing as it's a string value, can't he just pull it out of the directory using
the attribute map and check it with a regex?
Or is it more complicated than that?
-Arran
Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
