Phil Thompson <phil@yarwell.demon.co.uk> wrote:
no doubt, however it is interesting that many people come to a point where they make such a setting, don't you find.
At first, it appears to make sense to force MS-CHAP when you want to do MS-CHAP. Then, for some reason, everything else fails later.... and it's difficult to know why, because the server *is* doing what you told it to do. So you force it to do EAP, but then MS-CHAP breaks, and you're frustrated that it's so hard to configure.
If you could clarify why that is and fix it you wouldn't have to shout in mailing lists.
The reason for shouting it in mailing lists is that people *still* say it's a good thing to do, despite lots of documentation saying it's a bad idea, and near-daily messages on this list saying it's a bad idea. And your solution is... more documentation? Sorry, that won't help. The people who need it the most won't read it. I'm starting to think that removing Auth-Type from 2.0 is a good idea.
I have just verified it is not necessary by commenting it out, thanks.
See?
I think you're saying at http://deployingradius.com/documents/configuration/auth_type.html that a default auth-type is not necessary and should not be set. Is that so ? In which case having
DEFAULT Auth-Type = System
in the users file in the FreeRADIUS tarball helps to get us off on the wrong foot :-)
Yes. That's been deleted in 2.0, and many of the modules updated, in order to make it even easier to get it to work. I think it's high time for 2.0. I've been waiting for a few fixes for entirely too long now... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog