FreeRadius out of the box....
Phil Mayers
p.mayers at imperial.ac.uk
Wed Apr 5 10:46:09 CEST 2006
Tony Spencer wrote:
> On testing I found users still couldn't authenticate by PAP or CHAP, I
> run "radiusd -X" and from what I could see its because of the Default
> setting:
>
> DEFAULT Auth-Type = System
>
> Fall-Through = 1
>
>
That is no longer in the default config in CVS. If/when it'll make it
into a release version, one of the developers would have to reply.
>
> What do I need to change to get Freeradius to accept both PAP and CHAP
> authentication?
>
Remove that entry for a start.
FR 1.0.1 isn't a version I have installed or the source knocking around
for, but at least in current versions (fixed in CVS) the handling of PAP
and Auth-Type is a little inconsistent - there's no authorize handler
for PAP.
You want something like:
modules {
pap {
encryption_scheme = clear
}
chap {
authtype = CHAP
}
# .. rest of modules
}
authorize {
preprocess
chap
files
}
authenticate {
Auth-Type CHAP {
chap
}
Auth-Type PAP {
pap
}
}
...and in "users":
username User-Password := "string", Auth-Type = PAP
...since the Auth-Type is set using "=" if Auth-Type is ALREADY CHAP
from the chap module, it won't be changed. If it isn't set, it'll be set
to PAP and executed appropriately.
More information about the Freeradius-Users
mailing list