FreeRadius out of the box....

[Tony Spencer]

Phil

Thanks for that.
I'll do some testing out of hours this evening and see how it goes.

Tony

-----Original Message-----
From: freeradius-users-bounces+tony=games-master.co.uk at lists.freeradius.org
[mailto:freeradius-users-bounces+tony=games-master.co.uk at lists.freeradius.or
g] On Behalf Of Phil Mayers
Sent: 05 April 2006 09:46
To: FreeRadius users mailing list
Subject: Re: FreeRadius out of the box....

Tony Spencer wrote:
> On testing I found users still couldn't authenticate by PAP or CHAP, I 
> run "radiusd -X" and from what I could see its because of the Default 
> setting:
> 
> DEFAULT Auth-Type = System
> 
>         Fall-Through = 1
> 
>  

That is no longer in the default config in CVS. If/when it'll make it 
into a release version, one of the developers would have to reply.

> 
> What do I need to change to get Freeradius to accept both PAP and CHAP 
> authentication?
> 

Remove that entry for a start.

FR 1.0.1 isn't a version I have installed or the source knocking around 
for, but at least in current versions (fixed in CVS) the handling of PAP 
and Auth-Type is a little inconsistent - there's no authorize handler 
for PAP.

You want something like:

modules {
   pap {
     encryption_scheme = clear
   }
   chap {
     authtype = CHAP
   }
   # .. rest of modules
}
authorize {
   preprocess
   chap
   files
}
authenticate {
   Auth-Type CHAP {
     chap
   }
   Auth-Type PAP {
     pap
   }
}

...and in "users":

username User-Password := "string", Auth-Type = PAP

...since the Auth-Type is set using "=" if Auth-Type is ALREADY CHAP 
from the chap module, it won't be changed. If it isn't set, it'll be set 
to PAP and executed appropriately.
- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.