Setting up Radius
Hello, I'd just like to say hi to everyone. I am setting up FreeRadius to be used to authenticate dial-up and DSL users (@place.com). I would like to use the unix passwd file because we already have a radius server in place that is using the unix passwd file. However, from what I understand CHAP will not work against the unix passwd? Is this true, and does windows use this for dial-up and PPPOE connections? I do not know what windows uses. Also, I will simply make a script that will copy the passwd, shadow file, and the group file somewhere and tell radius to use these files oppose to the default files. This way I can revoke and grant people access to the radius server. I saw an option in the radius.conf file for this. If this scenario will not work, is there a way I can achieve this using the unix passwd file, or making a script that will copy out all the users based on group names to a plain file that radius can use? Thank you for you time, Mike
Mike <mike@mfenton.com> wrote:
I am setting up FreeRadius to be used to authenticate dial-up and DSL users (@place.com). I would like to use the unix passwd file because we already have a radius server in place that is using the unix passwd file. However, from what I understand CHAP will not work against the unix passwd?
That's what the FAQ says.
Is this true, and does windows use this for dial-up and PPPOE connections? I do not know what windows uses.
Windows uses whatever the user told it to use, which might be CHAP. Since CHAP won't work, the users will probably try PAP.
Also, I will simply make a script that will copy the passwd, shadow file, and the group file somewhere and tell radius to use these files oppose to the default files. This way I can revoke and grant people access to the radius server.
Why? Create a Unix group called "disabled", and put users into that group. See the FAQ. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Alan DeKok wrote:
Mike <mike@mfenton.com> wrote:
I am setting up FreeRadius to be used to authenticate dial-up and DSL users (@place.com). I would like to use the unix passwd file because we already have a radius server in place that is using the unix passwd file. However, from what I understand CHAP will not work against the unix passwd?
That's what the FAQ says.
Is this true, and does windows use this for dial-up and PPPOE connections? I do not know what windows uses.
Windows uses whatever the user told it to use, which might be CHAP.
Since CHAP won't work, the users will probably try PAP.
Also, I will simply make a script that will copy the passwd, shadow file, and the group file somewhere and tell radius to use these files oppose to the default files. This way I can revoke and grant people access to the radius server.
Why? Create a Unix group called "disabled", and put users into that group. See the FAQ.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok perfect, I got the unix group part working. Now my question is, will windows try MS-CHAP and if that fails will it eventually try PAP? I know PPPoE with Windows XP works like this. It will first try one method and if that fails it will try another method until it has to use PAP. Will dial-up also work this way, and is would this be for all versions of windows?
participants (2)
-
Alan DeKok -
Mike