FreeRadius-ML wrote:
Now, I'm basically re-learning everything, as the world of OpenSER + FreeRadius is a little new to me, and sometimes frustrates me. The amount of documentation in the configuration files is great, but the lack of updated examples is somewhat annoying. Even Asterisk, which is one of the most undocumented environments in the world, has more configuration examples available.
The majority of FreeRADIUS installations put users & password into SQL or LDAP, and then don't touch it ever again. For them, the existing examples are mostly OK. For *complex* scenarios, RADIUS quickly gets more complicated than DNS, DHCP, Web servers, and (I suspect) Asterisk. There just isn't enough space in the world to document every configuration that everyone needs.
In any case, lets go back to what we were discussing. If I understand you correctly, on the FreeRadius side, I only need to enable digest based authentication and authorization, define the user in the users file - and that should be working just fine?
Yes. The entire *point* of the default configuration is to have as many authentication protocols as possible work... just by defining a user and password. See: http://deployingradius.com/documents/configuration/pap.html When 2.0 is released, defining a username & password will cause the following authentication methods to work: * PAP * CHAP * MS-CHAP * Digest * EAP-MD5 * EAP-MSCHAPv2 * Cisco LEAP * PEAP-MSCHAPv2 * PEAP-GTC * EAP-TTLS with * PAP * CHAP * MS-CHAP * EAP-MD5 * EAP-MSCHAPv2 Try *that* with any other program: "I added one line in a configuration file, and VOIP works, WiFi works, dial-up works, PPPoE works, VPN's work, for Apple, Windows, and Linux". No fighting, no fuss. Alan DeKok.