Federico Giannici wrote:
> Federico Giannici wrote:
>> Alan DeKok wrote:
>>> Federico Giannici wrote:
>>>> Now we have to check every authentication against TWO different 
>>>> passwords (it's OK if ONE is matched). Something like setting two 
>>>> different and alternative "User-Password" attributes...
>>>   Sort of.  See doc/configurable_failover.
>> I read it, but I'm a little confused...
>>
>> How can I use it to make the AUTHENTICATE sections to be tried a SECOND 
>> time (with a different Cleartext-Password set by an authorization 
>> module), if the first time the authentication failed?
> 
> OK, I think I understood how to implement it by means of group{}: if the 
> pap/chap/etc authentication fails then I have to call the authentication 
> routine of my module to change the "Cleartext-Password" and then call 
> the pap/chap/etc authentication again.
> Am I right?

OK, it seems to work.
At the end of this email there is my authenticate{} section.
Is it correct?
Is there a simpler way to implement it?

Please note that "nm" is my custom module that eventually does a 
pairreplace() of the "User-Password" attribute. It only returns 
RLM_MODULE_UPDATED or RLM_MODULE_NOOP.

Thanks.



authenticate {
        Auth-Type PAP {
                group {
                        pap {
                                notfound = return
                                noop     = return
                                ok       = return
                                updated  = return
                                fail     = return
                                reject   = 1
                                userlock = return
                                invalid  = return
                                handled  = return
                        }
                        nm {
                                noop     = reject
                                updated  = 1
                        }
                        pap {
                                notfound = return
                                noop     = return
                                ok       = return
                                updated  = return
                                fail     = return
                                reject   = return
                                userlock = return
                                invalid  = return
                                handled  = return
                        }
                }
        }
        Auth-Type CHAP {
                group {
                        chap {
                                notfound = return
                                noop     = return
                                ok       = return
                                updated  = return
                                fail     = return
                                reject   = 1
                                userlock = return
                                invalid  = return
                                handled  = return
                        }
                        nm {
                                noop     = reject
                                updated  = 1
                        }
                        chap {
                                notfound = return
                                noop     = return
                                ok       = return
                                updated  = return
                                fail     = return
                                reject   = return
                                userlock = return
                                invalid  = return
                                handled  = return
                        }
                }
        }
        Auth-Type MS-CHAP {
                group {
                        mschap {
                                notfound = return
                                noop     = return
                                ok       = return
                                updated  = return
                                fail     = return
                                reject   = 1
                                userlock = return
                                invalid  = return
                                handled  = return
                        }
                        nm {
                                noop     = reject
                                updated  = 1
                        }
                        mschap {
                                notfound = return
                                noop     = return
                                ok       = return
                                updated  = return
                                fail     = return
                                reject   = return
                                userlock = return
                                invalid  = return
                                handled  = return
                        }
                }
        }
}



-- 
___________________________________________________
     __
    |-                      [EMAIL PROTECTED]
    |ederico Giannici      http://www.neomedia.it
___________________________________________________
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
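
Added example (not part of the original post, and not FreeRADIUS code): a small Python model that walks the posted Auth-Type PAP group through the four possible cases. It assumes the configurable-failover rules are: "return" stops with the module's own code, "reject" stops with reject, and a number is a priority where the highest-priority code seen so far becomes the group result. The pap() and nm() functions and the request fields are hypothetical stand-ins for rlm_pap and the poster's module.

```python
import hmac

RETURN, REJECT = "return", "reject"

# Action tables copied from the posted Auth-Type PAP group.
FIRST_TRY = dict.fromkeys(
    ["notfound", "noop", "ok", "updated", "fail", "userlock", "invalid", "handled"],
    RETURN)
FIRST_TRY["reject"] = 1                      # a reject falls through to nm
SWAP = {"noop": REJECT, "updated": 1}        # the nm { ... } block
SECOND_TRY = dict(FIRST_TRY, reject=RETURN)  # second pap: every code is final


def run_group(children, request):
    """Evaluate modules in order under the assumed failover rules."""
    result, priority, trace = None, 0, []
    for name, module, actions in children:
        rcode = module(request)
        trace.append((name, rcode))
        action = actions[rcode]   # KeyError = a code the posted table omits
        if action == RETURN:
            return rcode, trace
        if action == REJECT:
            return "reject", trace
        if action >= priority:    # numeric priority: remember and continue
            result, priority = rcode, action
    return result, trace


def pap(request):
    # Stand-in for the password check: compare against the current reference.
    same = hmac.compare_digest(request["supplied"].encode(),
                               request["reference"].encode())
    return "ok" if same else "reject"


def nm(request):
    # Stand-in for the custom module: swap in the alternate password, if any.
    if request.get("alternate") is None:
        return "noop"
    request["reference"] = request["alternate"]
    return "updated"


PAP_GROUP = [("pap", pap, FIRST_TRY), ("nm", nm, SWAP), ("pap", pap, SECOND_TRY)]


def authenticate(supplied, primary, alternate=None):
    request = {"supplied": supplied, "reference": primary, "alternate": alternate}
    return run_group(PAP_GROUP, request)
```

The returned trace lists which modules ran and what each returned, so it shows that a match on the first password never reaches nm, and that a user without an alternate password is rejected at nm without a second check.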