On 28 Jun 2013, at 11:50, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On 28/06/13 08:14, Mathieu Simon wrote: > >>> Second, I can't remember if mschap checks the acct control flags in >>> "authorize" >>> or "authenticate". If the latter you'll need to move away from using LDAP >>> bind for auth >> Hmm, I guess that would require me studying the code :-\ > > I've just taken a look - sure enough, rlm_mschap only checks/enforces the > SMB-Account-CTRL attribute during "authenticate {}". > > Since your testing auth request was PAP, mschap will never be called for > this, so you're stuck basically. Seeing as it's a string value, can't he just pull it out of the directory using the attribute map and check it with a regex? Or is it more complicated than that? -Arran Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html