From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 13 Feb 2023 13:28:32 +0000 (-0500)
Subject: don't set Auth-Type from Authentication-Type
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5952d74714145af6d64a502c87d4ab98ac5c25f;p=thirdparty%2Ffreeradius-server.git

don't set Auth-Type from Authentication-Type

They're both integers, and their enumeration values are different.
the names are the same, but we can't copy names.

Or maybe we want to do that?
---

diff --git a/raddb/sites-available/tacacs b/raddb/sites-available/tacacs
index c9394a64a72..4a219c3089a 100644
--- a/raddb/sites-available/tacacs
+++ b/raddb/sites-available/tacacs
@@ -273,13 +273,17 @@ server tacacs {
 	#
 	#  ### Recv
 	#
- 	recv Authentication-Start {
+	recv Authentication-Start {
 		-sql
 
 		#
-		#  Set _our_ authentication method to the _requested_ one.
+		#  In general, it is not necessary to set `Auth-Type` here.  The packet header
+		#  contains a TACACS `Authentication-Type` with value `PAP`, `CHAP`, etc.  That value will
+		#  be used automatically.
+		#
+		#  The only reason to set `Auth-Type` here is when you want to use a custom
+		#  authentication method, such as `ldap`.
 		#
-		&control.Auth-Type := &Authentication-Type
 	}
 
 	authenticate PAP {