Removed option winbind_allow_mschapv2 in rlm_mschap 1447/head
authorHerwin Weststrate <herwin@quarantainenet.nl>
Fri, 11 Dec 2015 09:05:32 +0000 (10:05 +0100)
committerHerwin Weststrate <herwin@quarantainenet.nl>
Fri, 11 Dec 2015 09:05:32 +0000 (10:05 +0100)
See the discussion at https://github.com/FreeRADIUS/freeradius-server/commit/37f2f6d8e09bdebdf3031e419c00a0d3193b074a for more information

raddb/mods-available/mschap
src/modules/rlm_mschap/auth_wbclient.c
src/modules/rlm_mschap/rlm_mschap.c
src/modules/rlm_mschap/rlm_mschap.h

index e253f81af06c85667db8008fcb7c9b54050d6f83..4673fa7f9fd1d9931fcf1e4e1cdd9bb656b1d434 100644 (file)
@@ -78,14 +78,6 @@ mschap {
 #      winbind_username = "%{mschap:User-Name}"
 #      winbind_domain = "%{mschap:NT-Domain}"
 
-       # When using the winbind daemon directly, it is possible to
-       # force accepting MSCHAPv2 authentication. This makes it
-       # possible to authenticate to an Active Directory that uses
-       # the local security policy 'Network Security: LAN Manager
-       # authentication level' setting was changed to 'Send NTLMv2
-       # Response Only. Refuse LM & NTLM'
-#      winbind_allow_mschapv2 = no
-
        #
        #  Information for the winbind connection pool.  The configuration
        #  items below are the same for all modules which use the new
index a53772fad9b3f8f7339329cac9499cb0ac89c832..891df4384f5de0d6d68412963489cc59a6624d70 100644 (file)
@@ -105,8 +105,7 @@ int do_auth_wbclient(rlm_mschap_t *inst, REQUEST *request,
        memcpy(authparams.password.response.challenge, challenge,
               sizeof(authparams.password.response.challenge));
 
-       if (inst->winbind_allow_mschapv2)
-               authparams.parameter_control |= WBC_MSV1_0_ALLOW_MSVCHAPV2;
+       authparams.parameter_control |= WBC_MSV1_0_ALLOW_MSVCHAPV2;
 
 
        /*
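Review bot: The line `authparams.parameter_control |= WBC_MSV1_0_ALLOW_MSVCHAPV2;` now runs on every request with no comment saying why, and the only explanation, in raddb/mods-available/mschap, is deleted by this same commit. I would carry the rationale into the code, for example `/* Always allow MSCHAPv2 so a DC set to 'Send NTLMv2 Response Only. Refuse LM & NTLM' still accepts the response */`. do_auth_wbclient starts and ends outside this hunk, so it is not visible whether MS-CHAPv1 responses also reach this line; if they do, the flag is now asserted for them as well, and that should be confirmed as intended. Operators can no longer turn this behaviour off, so a release note about the removed `winbind_allow_mschapv2` option seems worth adding.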
index 63d0419f8ba06ccbbd419b4fcfaf4f6c6635cc87..1d648ad3a7abcb814a1c5e5a3821ebe8db5a1bf9 100644 (file)
@@ -560,7 +560,6 @@ static const CONF_PARSER module_config[] = {
        { "retry_msg", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_mschap_t, retry_msg), NULL },
        { "winbind_username", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_username), NULL },
        { "winbind_domain", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_domain), NULL },
-       { "winbind_allow_mschapv2", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, winbind_allow_mschapv2), "no" },
 #ifdef __APPLE__
        { "use_open_directory", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, open_directory), "yes" },
 #endif
index d801e79564915de23dc5209659e85303d9ddd054..1ce1ad4a08c8caffdc97407d0615619eab5351de 100644 (file)
@@ -39,7 +39,6 @@ typedef struct rlm_mschap_t {
        vp_tmpl_t               *wb_username;
        vp_tmpl_t               *wb_domain;
        fr_connection_pool_t    *wb_pool;
-       bool                    winbind_allow_mschapv2;
 #ifdef __APPLE__
        bool                    open_directory;
 #endif