Auth All but only for those in my clients.conf

[Mojo Jojo]

> You want to allow any client that matches what is in the clients.conf file 
> in, correct?

Well, sort of.. I want to allow any authentication request which comes in 
from a client which is contained in the clients.conf file.


> The secret in your clients.conf file is used to encrypt and sign packets 
> between the clients and the server.  It is not used for authentication.

Based on what you mention here and what someone else on the list mentioned 
earlier, I think the reason the secret is ignored is because it is used to 
encrypt the auth info which is basically non existant in an Auth All 
situation.

Am I getting this correct now?


> Have you tried adding the IPs to some type of backend?
>
> For example, if you used the users file and huntgroups file.
>
> In huntgroups.
>
> allow Client-IP-Address == 1.1.1.1
> allow Client-IP-Address == 1.1.1.2
> allow Client-IP-Address == 1.1.1.3
>
> Then in users file
>
> DEFAULT Huntgroup-Name == allow, Auth-Type := Accept
>
> DEFAULT Auth-Type := Reject

Well, I don't understand the huntgroups and all just yet, I am new to 
FreeRadius (not to Radius in general, just FreeRadius). So, will this fix my 
issue where only CHAP request are rejected? I am only having trouble with 
CHAP request at this time, all other request from allowed clients in the 
clients.conf file are getting an Accept back just as I want.

Since we use Qwest dialup as one of our wholesale solutions, they send CHAP 
and these are getting rejected still, all other vendors are working fine.