Informations about Auth-Type section
Hi guys, I see on previous post that there is an idea to change sections on 3.1 and there is a comment related with Auth-Type module. 1. Currently, I'm using Auth-Type section for handle CHAP/PAP authentication. If Auth-Type section will be remove how I said to freeradius server to check for PAP or CHAP password ? 2. Currently on 3.0 tree Auth-Type is not usable inside pre-proxy or authorize section. Is there a way to handle authentication in proxy process (or in authorize or in pre-proxy section)? 3. If I undenstand correctly with 3.1 check if username/password are correct will be handled always in process section also for proxy flow. Is it correct? Thanks in advance geaaru
On Jun 9, 2015, at 5:30 AM, Geaaru <geaaru@gmail.com> wrote:
1. Currently, I'm using Auth-Type section for handle CHAP/PAP authentication. If Auth-Type section will be remove how I said to freeradius server to check for PAP or CHAP password ?
We're not stupid. We won't remove the ability to do PAP or CHAP.
2. Currently on 3.0 tree Auth-Type is not usable inside pre-proxy or authorize section. Is there a way to handle authentication in proxy process (or in authorize or in pre-proxy section)?
No. Because that doesn't make any sense.
3. If I undenstand correctly with 3.1 check if username/password are correct will be handled always in process section also for proxy flow. Is it correct?
No. Alan DeKok.
Ok. Thank you very much for reply. So, what is the idea for replace AuthType unlang syntax ? About point 2, in my case it makes sense. I have a use case like this: NAS --> Freeradius Server --> Radius Target and on Freeradius Server I do this: - on pre-proxy check username/password and Reject packet if username/password are wrong - on post-proxy if response from Radius Target is Access-Accept assign an IP address. It is a strange use case where Freeradius is a proxy with application logic. I can do that through sql.authorize + unlang or sql+unlang+python modules. I read again "authorize" etc. in v.3.1 thread and I think that a simplification could be a good idea. My cent. Thanks again. G. On Tue, 2015-06-09 at 08:08 -0400, Alan DeKok wrote:
On Jun 9, 2015, at 5:30 AM, Geaaru <geaaru@gmail.com> wrote:
1. Currently, I'm using Auth-Type section for handle CHAP/PAP authentication. If Auth-Type section will be remove how I said to freeradius server to check for PAP or CHAP password ?
We're not stupid. We won't remove the ability to do PAP or CHAP.
2. Currently on 3.0 tree Auth-Type is not usable inside pre-proxy or authorize section. Is there a way to handle authentication in proxy process (or in authorize or in pre-proxy section)?
No. Because that doesn't make any sense.
3. If I undenstand correctly with 3.1 check if username/password are correct will be handled always in process section also for proxy flow. Is it correct?
No.
Alan DeKok.
participants (2)
-
Alan DeKok -
Geaaru