/CHANGELOG |
---|
5,6 → 5,10 |
NEWS |
- Replace DNSmasq server with Unbound |
CHANGES |
- Do not perform LDAP query for authentication of trusted authorized equipment. |
- Improve script syntax |
BUGS |
- Fix listening address for nfcapd (was 0.0.0.0 instead of 127.0.0.1) |
- Fix some typo |
14,9 → 18,6 |
- Fix LDAP users login without the "ldap" group created. |
- Fix bad certificates chain generation when using default certificates. |
CHANGES |
- Improve script syntax |
SECU |
- Merge bad username and bad password errors at user login. |
/conf/radius/alcasar-with-ldap |
---|
20,10 → 20,13 |
} |
authorize { |
ldap { fail = 1 } |
if ((ok || updated) && User-Password) { |
update control { |
Auth-Type := LDAP |
# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) { |
if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC |
ldap { fail = 1 } |
if ((ok || updated) && User-Password) { |
update control { |
Auth-Type := LDAP |
} |
} |
} |