Check for NOOP from opendir.c
authorbduncan <bduncan@apple.com>
Tue, 22 Sep 2009 16:23:47 +0000 (09:23 -0700)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 24 Sep 2009 15:32:42 +0000 (17:32 +0200)
src/modules/rlm_mschap/rlm_mschap.c

index d3159c3..9f2db5b 100644 (file)
@@ -1243,12 +1243,19 @@ static int mschap_authenticate(void * instance, REQUEST *request)
 
 #ifdef __APPLE__
                /*
-                *      No "known good" NT-Password attribute.  Try to do
-                *      OpenDirectory authentication.
+                *  No "known good" NT-Password attribute.  Try to do
+                *  OpenDirectory authentication.
+                *
+                *  If OD determines the user is an AD user it will return noop, which
+                *  indicates the auth process should continue directly to AD.
+                *  Otherwise OD will determine auth success/fail.
                 */
                if (!nt_password && inst->open_directory) {
-                       RDEBUG2("No NT-Password configured. Trying DirectoryService Authentication.");
-                       return od_mschap_auth(request, challenge, username);
+                       RDEBUG2("No NT-Password configured. Trying OpenDirectory Authentication.");
+                       int odStatus = od_mschap_auth(request, challenge, username);
+                       if (odStatus != RLM_MODULE_NOOP) {
+                               return odStatus;
+                       }
                }
 #endif
                /*
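Review bot: When od_mschap_auth() returns RLM_MODULE_NOOP, the new branch falls through past `#endif` silently with nt_password still NULL, so the debug log no longer shows which backend ends up deciding the authentication. Add a line for the fall-through case, for example `RDEBUG2("OpenDirectory returned noop. Continuing with next authentication method.");`. Also confirm that od_mschap_auth() returns NOOP only for the AD-user case described in the comment, since any other NOOP now hands the request to the following code path instead of ending it here. `int odStatus` is declared after the RDEBUG2 statement; moving the declaration to the top of the block keeps the file buildable with C89 compilers. The code after `#endif` lies outside the hunk, so how it handles a missing NT-Password cannot be checked from here.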