PopTop

Thibault Le Meur Thibault.LeMeur at supelec.fr
Tue Apr 20 10:27:19 CEST 2010 

----- Message de hutchins at tarcanfel.org ---------
     Date : Mon, 19 Apr 2010 19:41:44 -0500
      De : Jonathan Hutchins <hutchins at tarcanfel.org>
Répondre à : FreeRadius users mailing list  
<freeradius-users at lists.freeradius.org>
  Objet : Re: PopTop
       À : FreeRadius users mailing list  
<freeradius-users at lists.freeradius.org>


> On Monday 19 April 2010 07:16:52 pm Thibault Le Meur wrote:
>
>> Please can you explain why you think it is obsolete ?
>
> It addresses the configuration in single-file format rather than the
> distributed file format that the current packaging (for Debian at least)
> uses.

Yes it is true, but this part seems easy once you've understood how to  
migrate from FR1 to FR2 which is required anyway to do a proper  
migration.

In fact this would be only a 3 lines changes in the article, so this  
is easy to fix as most of this HowTo is related to setting other  
components that FR ;-)


>
>> By the way, since I wrote this page, I have switched to 2.1.8 without pb.
>
> Arg!  Were you able to continue using the same configuration, or did it
> require a full rebuild?


No of course, when I switched to FR2 I rewrite all my configuration  
because I wanted a clean setup. It was time for me to remove old  
tricks I used in FR1 and replace them by unlang.

FR2 is so much more powerful.

>  I moved from a rather ancient Gentoo server that I believe was using an 1.x
> version to Debian Lenny 2.0.4, then upgraded to the 2.1.8 backport, and I
> can't get it to parse DOMAIN//user properly - it ignores the separator and
> comes up with a null "realm".  Curiously, it later displays the username as
> DOMAIN/name.

I can't help here, because I'm not using realm for PopTop authentication.
However I would check you modules/realm file and the ntdomain realm  
definition.
Then I would double check that the ntodimain instance is enabled in  
your pre-acct and authorize section.


>
> The current Debian packaging also requres that the mschap module file be
> edited, and that a sites-available file be linked to sites-enabled.

Yes this is the new approach.

>
> Thanks for the reply.  I think it's always harder to maintain/upgrade an
> existing configuration moved to a new platform than to build one from
> scratch.

Yes, especially this FR1 to FR2 migration requires some time, but it's  
worth it ;-)

Regards,
Thibault

More information about the Freeradius-Users mailing list