Hi I want to disable PAP and other authenticaiton methods and use only CHAP. Means if user request does not contain CHAP is should be Rejected. I have tried to disable PAP from the modules and /usr/local/etc/raddb/sites-enabled/default, but still the Access is Accepted. how to enable only CHAP?? # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [suffix] No '@' in User-Name = "eala", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry egalqa at line 91 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. User-Password in the request is correct. # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 13 to 192.168.1.209 port 2788 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 172.16.3.33 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Framed-Filter-Id = "std.ppp" Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP Finished request 4. -- br, Navodit Bhardwaj Hughes Systique Corporation
On Thu, May 30, 2013 at 12:22 PM, Navodit Bhardwaj <navodit.bhardwaj@gmail.com> wrote:
Hi
I want to disable PAP and other authenticaiton methods and use only CHAP. Means if user request does not contain CHAP is should be Rejected.
I have tried to disable PAP from the modules and /usr/local/etc/raddb/sites-enabled/default, but still the Access is Accepted.
how to enable only CHAP??
If you use latest 2.x version, and have followed the basic guide on wiki page, you can use something like this on sites-enabled/default: authenticate { ... Auth-Type PAP { reject } ... } It should reject all pap requests. -- Fajar
Thanks Fajar, That was great help. On Thu, May 30, 2013 at 12:03 PM, Fajar A. Nugraha <list@fajar.net> wrote:
On Thu, May 30, 2013 at 12:22 PM, Navodit Bhardwaj <navodit.bhardwaj@gmail.com> wrote:
Hi
I want to disable PAP and other authenticaiton methods and use only CHAP. Means if user request does not contain CHAP is should be Rejected.
I have tried to disable PAP from the modules and /usr/local/etc/raddb/sites-enabled/default, but still the Access is Accepted.
how to enable only CHAP??
If you use latest 2.x version, and have followed the basic guide on wiki page, you can use something like this on sites-enabled/default:
authenticate { ... Auth-Type PAP { reject } ... }
It should reject all pap requests.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- br, Navodit Bhardwaj Hughes Systique Corporation
participants (2)
-
Fajar A. Nugraha -
Navodit Bhardwaj