Federico Giannici wrote: > Federico Giannici wrote: >> Alan DeKok wrote: >>> Federico Giannici wrote: >>>> Now we have to check every authentication against TWO different >>>> passwords (it's OK if ONE is matched). Something like setting two >>>> different and alternative "User-Password" attributes... >>> Sort of. See doc/configurable_failover. >> I read it, but I'm a little confused... >> >> How can I use it to make the AUTHENTICATE sections to be tried a SECOND >> time (with a different Cleartext-Password set by an authorization >> module), if the first time the authentication failed? > > OK, I think I understood how to implement it by means of group{}: if the > pap/chap/etc authentication fails then I have to call the authentication > routine of my module to change the "Cleartext-Password" and then call > the pap/chap/etc authentication again. > I'm I right?
OK, it seems to work. At the end of this email there is my authenticate{} section. Is it correct? Is there a simpler way to implement it? Please note that "nm" is my custom module that eventually does a pairreplace() of the "User-Password" attribute. It only returns RLM_MODULE_UPDATED or RLM_MODULE_NOOP. Thanks. authenticate { Auth-Type PAP { group { pap { notfound = return noop = return ok = return updated = return fail = return reject = 1 userlock = return invalid = return handled = return } nm { noop = reject updated = 1 } pap { notfound = return noop = return ok = return updated = return fail = return reject = return userlock = return invalid = return handled = return } } } Auth-Type CHAP { group { chap { notfound = return noop = return ok = return updated = return fail = return reject = 1 userlock = return invalid = return handled = return } nm { noop = reject updated = 1 } chap { notfound = return noop = return ok = return updated = return fail = return reject = return userlock = return invalid = return handled = return } } } Auth-Type MS-CHAP { group { mschap { notfound = return noop = return ok = return updated = return fail = return reject = 1 userlock = return invalid = return handled = return } nm { noop = reject updated = 1 } mschap { notfound = return noop = return ok = return updated = return fail = return reject = return userlock = return invalid = return handled = return } } } } -- ___________________________________________________ __ |- [EMAIL PROTECTED] |ederico Giannici http://www.neomedia.it ___________________________________________________ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html