From 1715c6c76c0ebdc93f9f4f738e3a582ae2cf5940 Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Fri, 1 Dec 2017 13:49:31 +0200 Subject: [PATCH] auth: Use rip instead of real_rip in policy server attributes real_rip contains proxy IP, not client IP --- src/auth/auth-settings.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c index 6a6d8b7dfd..d54a149127 100644 --- a/src/auth/auth-settings.c +++ b/src/auth/auth-settings.c @@ -300,7 +300,7 @@ static const struct auth_settings auth_default_settings = { .policy_server_timeout_msecs = 2000, .policy_hash_mech = "sha256", .policy_hash_nonce = "", - .policy_request_attributes = "login=%{orig_username} pwhash=%{hashed_password} remote=%{real_rip} device_id=%{client_id} protocol=%s", + .policy_request_attributes = "login=%{orig_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s", .policy_reject_on_fail = FALSE, .policy_hash_truncate = 12,