Setting up Radius
Mike
mike at mfenton.com
Wed Aug 9 22:19:09 CEST 2006
Alan DeKok wrote:
> Mike <mike at mfenton.com> wrote:
>
>> I am setting up FreeRadius to be used to authenticate dial-up and DSL
>> users (@place.com). I would like to use the unix passwd file because we
>> already have a radius server in place that is using the unix passwd
>> file. However, from what I understand CHAP will not work against the
>> unix passwd?
>>
>
> That's what the FAQ says.
>
>
>> Is this true, and does windows use this for dial-up and
>> PPPOE connections? I do not know what windows uses.
>>
>
> Windows uses whatever the user told it to use, which might be CHAP.
>
> Since CHAP won't work, the users will probably try PAP.
>
>
>> Also, I will simply make a script that will copy the passwd, shadow
>> file, and the group file somewhere and tell radius to use these files
>> oppose to the default files. This way I can revoke and grant people
>> access to the radius server.
>>
>
> Why? Create a Unix group called "disabled", and put users into that
> group. See the FAQ.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
Ok perfect, I got the unix group part working. Now my question is, will
windows try MS-CHAP and if that fails will it eventually try PAP? I know
PPPoE with Windows XP works like this. It will first try one method and if that fails it will try another method until it has to use PAP. Will dial-up also work this way, and is would this be for all versions of windows?
More information about the Freeradius-Users
mailing list