Setup questions- client & user secrets
Hi. I'm fairly new to the RADIUS stuff. I'm trying to setup FreeRadius 1.0.1 as a failover (secondary) server on a remote network. I've RadTest-ed and NTRadPing-ed the basic installation and it seems to work fine. My current RADIUS server is a commercial product running on a Win 2k machine (local network). Exporting the clients & users data from this server for use in the FreeRadius server gave me encrypted secrets for both clients & users. The secret strings I get are all 264 characters long. I tried using these as-is in 'clients.conf' and the 'users' files. FreeRadius won't even start with these. Should I be using these encrypted secrets in the clients.conf & users files at all or should I ask for the cleartext secrets from the NAS clients and use those instead? I'm using plain PPP (NAS clients' requirement). Does that mean I can use PAP and CHAP authentication or PAP only? Thanks.
"Padmanabhan Ramaswamy" <Swamy@BestReg.com> wrote:
Exporting the clients & users data from this server for use in the FreeRadius server gave me encrypted secrets for both clients & users.
Huh? The shared secrets used by RADIUS are clear-text. There are no secrets for users.
should I ask for the cleartext secrets from the NAS clients and use those instead?
Yes.
I'm using plain PPP (NAS clients' requirement). Does that mean I can use PAP and CHAP authentication or PAP only?
I'll bet that the answer is PAP only. Alan DeKOk.
participants (2)
-
Alan DeKok -
Padmanabhan Ramaswamy