Bug #13404

closed

LDAP authentication does not work

Added by Ettore Caprella over 1 year ago. Updated over 1 year ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: FreeRADIUS
Target version: -
% Done: 0%
Affected Version: 2.6.0
Affected Architecture: amd64

Description

Hi all,
has anyone encountered this particular issue with Freeradius3 0.15.7_33 with LDAP when a user tries to authenticate using username/password?

        (0) Login incorrect (Failed retrieving values required to evaluate condition): [ettore] (from client localhost port 0)

Since I have a standalone instance of FreeRADIUS that works well, I manually modified the file /usr/local/etc/raddb/sites-enabled/default and, using the same configuration I have on the standalone instance, everything works fine.

Attached you can find the original virtual-server-default.conf and the patched one and you can easily find the diffs.

In the mods-available/ldap file there is a comment with the instructions to use in order to configure the ldap authentication/authorization: these instructions are not present in the original virtual-server-default.conf in the authorize section.

        #  Note: set_auth_type was removed in v3.x.x
        #
        #  Equivalent functionality can be achieved by adding the
        #  following "if" statement to the authorize {} section of
        #  the virtual server, after the "ldap" module.  For example:
        #
        #    ...
        #    ldap
        #    if ((ok || updated) && User-Password && !control:Auth-Type) {
        #        update {
        #            control:Auth-Type := ldap
        #        }
        #    }
        #    ...
        #

In the patched virtual-server-default.conf I added these lines and I needed to comment out some other instructions.

Of course, I can propose a PR in order to build a valid virtual-server-default file for LDAP authentication, but I cannot figure out the impact on the other authentication mechanisms.


Files

bug-pfsense-freeradius-ldap-auth-ok.log (4.63 KB), Ettore Caprella, 08/11/2022 04:51 AM
virtual-server-default.conf.patched (3.67 KB), Ettore Caprella, 08/11/2022 04:51 AM
ldap.conf (8.17 KB), Ettore Caprella, 08/11/2022 04:51 AM
virtual-server-default.conf (3.44 KB), Ettore Caprella, 08/11/2022 04:51 AM
bug-pfsense-freeradius-ldap-auth-fail.log (4.83 KB), Ettore Caprella, 08/11/2022 04:51 AM
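
The comment quoted from mods-available/ldap covers only the authorize side, which selects the Auth-Type; the virtual server also needs a matching authenticate entry that calls the LDAP module. The fragment below is an added example, not taken from the attached files or from the pfSense package, and it assumes the LDAP module instance is named `ldap` and leaves out every other module a real site would list:

```unlang
# Added example: minimal LDAP bind authentication in a FreeRADIUS 3
# virtual server. Fragment only; listen sections and all other
# modules are omitted.
# Assumption: the LDAP module instance is named "ldap" (mods-enabled/ldap).
server default {
    authorize {
        # Look the user up in the directory.
        ldap

        # Replacement for the removed set_auth_type option: if the lookup
        # succeeded, the request carries a cleartext User-Password, and no
        # earlier module has already chosen an Auth-Type, hand the
        # authentication step to the LDAP module.
        if ((ok || updated) && User-Password && !control:Auth-Type) {
            update {
                control:Auth-Type := ldap
            }
        }
    }

    authenticate {
        # Runs when control:Auth-Type was set to ldap above: the module
        # binds to the directory as the user with the supplied password.
        Auth-Type LDAP {
            ldap
        }
    }
}
```

This path applies only to requests that carry a User-Password attribute; running the server in debug mode with `radiusd -X` shows which Auth-Type was selected for a given request.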