Dusty Here's the info requested......PAP ok No Chap new Installation.

Dusty Doris freeradius at mail.doris.cc
Fri Jul 8 16:08:29 CEST 2005


On Thu, 7 Jul 2005, Radius wrote:

> OK I can do this, but will the PAP that uses the /etc/passwd be prevented?
>
> We have both running here.

Good question, I think it would.  Is there any reason you're using both
/etc/passwd and mysql?  Why not just use mysql?

>
> Do I need to add a Auth == Local or something like that after that so it
> will
> check the MySql database when the /etc/passwd fails?
>
> Maybe my Fallthough is wrong for 1.0.4. This is runing ok in 0.9.3
>
> Thanks
> Bob
>

If there is something coming in the packet that would definately tell you
whether they were in sql or /etc/passwd, then you could edit your users
file to handle that.  Say, if a certain realm, then set Autz-Type to sql,
otherwise, set Autz-Type to system.  Check out doc/Autz-Type in the
sourcecode.

If you can't tell whether or not a user would be in sql or /etc/passwd,
then you will probably want to do one of two things.  First, migrate all
the /etc/passwd users into sql.  That would be the preferred method (to me
at least).  Secondly, check out doc/configurable_failover.  That document
will show you how to do grouping so that you can try one thing first and
if that fails, try another before rejecting the user.

Its interesting that it worked for you fine in .9, but not now.  As I
learn more about your setup, I can say that I've never done this before
(using mysql and /etc/password with PAP and CHAP).  Since it used to work,
I have to think that there is just one small thing that needs to be
tweaked.

Perhaps there is someone on the list that has an easier suggestion for
you than what I had above.  But you could always throw it together on your
lab machine and give it a try and see how it goes.

Hope that is a little helpful, at least maybe pointing to some
documentation that might interest you.

Dusty Doris



More information about the Freeradius-Users mailing list