On 28/06/13 14:03, Arran Cudbard-Bell wrote:
On 28 Jun 2013, at 11:50, Phil Mayers <p.may...@imperial.ac.uk>
wrote:
On 28/06/13 08:14, Mathieu Simon wrote:
Second, I can't remember if mschap checks the acct control
flags in "authorize" or "authenticate". If the latter you'll
need to move away from using LDAP bind for auth
Hmm, I guess that would require me studying the code :-\
I've just taken a look - sure enough, rlm_mschap only
checks/enforces the SMB-Account-CTRL attribute during "authenticate
{}".
Since your testing auth request was PAP, mschap will never be
called for this, so you're stuck basically.
Seeing as it's a string value, can't he just pull it out of the
directory using the attribute map and check it with a regex?
Sorry, yes. "stuck" is not correct. I meant "can't use the mschap module
for this".
Numerous other solutions exist, and regexp is probably the easiest.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
