Univention Bugzilla – Bug 53263
Broken Config when switching to auth-type ttls
Last modified: 2022-01-27 10:35:49 CET
Setting ucr set freeradius/conf/auth-type/mschap=no ucr set freeradius/conf/auth-type/ttls=yes creates a broken config: freeradius[7651]: /etc/freeradius/3.0/mods-enabled/eap[831]: Failed to find 'Auth-Type MS-CHAP' section. Cannot authenticate users. Fix: --- /etc/univention/templates/files/etc/freeradius/3.0/mods-available/eap.orig 2020-11-24 19:45:21.000000000 +0100 +++ /etc/univention/templates/files/etc/freeradius/3.0/mods-available/eap 2021-05-16 16:24:20.532854512 +0200 @@ -860,7 +860,13 @@ # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not # currently support. # - mschapv2 { +@!@ +auth_type = configRegistry.get('freeradius/conf/auth-type/mschap', 'FALSE') +if auth_type and 'TRUE' == auth_type.upper() or 'YES' == auth_type.upper(): + print('\t mschapv2 {') +else: + print('\t# mschapv2 {') +@!@ # Prior to version 2.1.11, the module never # sent the MS-CHAP-Error message to the # client. This worked, but it had issues @@ -884,7 +890,13 @@ # RADIUS server. Or, some information to uniquely # identify it. # identity = "FreeRADIUS" - } +@!@ +auth_type = configRegistry.get('freeradius/conf/auth-type/mschap', 'FALSE') +if auth_type and 'TRUE' == auth_type.upper() or 'YES' == auth_type.upper(): + print('\t}') +else: + print('\t# }') +@!@ ## EAP-FAST #