Auth All but only for those in my clients.conf
Dusty Doris
freeradius at mail.doris.cc
Mon Dec 19 21:02:43 CET 2005
>> The secret in your clients.conf file is used to encrypt and sign packets
>> between the clients and the server. It is not used for authentication.
>
> Based on what you mention here and what someone else on the list mentioned
> earlier, I think the reason the secret is ignored is because it is used to
> encrypt the auth info which is basically non existant in an Auth All
> situation.
>
> Am I getting this correct now?
Yep
> Well, I don't understand the huntgroups and all just yet, I am new to
> FreeRadius (not to Radius in general, just FreeRadius). So, will this fix my
> issue where only CHAP request are rejected? I am only having trouble with
> CHAP request at this time, all other request from allowed clients in the
> clients.conf file are getting an Accept back just as I want.
>
The huntgroups file is pretty easy to understand. Just read the comments
in it.
But, now that you mention it. Your Auth-Type := Accept is still working
with chap. Perhaps what I told you won't make a difference. Do you have
anything in your authorize and authenticate section? Perhaps you ought to
just try this.
Comment out everything in authorize except for preprocess and files, so it
would look like this w/out the comments.
authorize {
preprocess
files
}
authenticate {
}
That way the only thing that is touched is the users file. I'd be willing
to bet that you have chap listed in authorize right now and its before
the files section.
So, its hitting the chap section of authorize and doesn't see a chap
passwd and fails which causes a reject before it even gets to the files
section.
Just a guess?
More information about the Freeradius-Users
mailing list