RADIUS Auth-Type
Phil Mayers
p.mayers at imperial.ac.uk
Mon Dec 5 23:58:16 CET 2005
Bohannan, Chad W wrote:
> I don't think that is the issue. The NAS authenticates my users just
> fine so long as the /etc/raddb/users file specifies the users
> "Auth-Type= System". What I want to figure out is how to make the
Then the NAS is using PAP.
Auth-Type == System is handled by rlm_unix, and rlm_unix uses the
getpwent family of calls (see "man rlm_unix").
Thus, unless you've got a very funny unix system, it retrieves the
crypted password from the system file, and the only possible
authentication algorithm it can support is PAP.
> authentication request proxy out to the AD server. Based on the tutorial
> & test results everything should be working, but I need to know what
> auth-type to use.
You cannot set the Auth-Type to "MS-CHAP" and have it work unless the
MS-CHAP challenge and response are in the radius request, which means
the NAS has to add them.
More information about the Freeradius-Users
mailing list