PAP questions.

Keith Woodworth kwoody at citytel.net
Tue Aug 22 08:48:10 CEST 2006


Try this again, I hope someone can answer these or at least shed some
light.

Been trying to do PAP authentication with the crypt'd password stored in
mysql. We, unfortunately have to do PAP.

This has been done for the most part and works, but I had to go against
what deployingradius.com said w/regards to using Auth-Type as I have not
found an alternative that seems to work right.

I'm using stock radiusd.conf that comes with 1.1.2, except proxy is set to
no.

To make this work I added a user to radcheck with a crypt'd password:

+----+------------+----------------+----+---------------+
| id | UserName   | Attribute      | op | Value         |
+----+------------+----------------+----+---------------+
|  1 | bob        | Password       | == | test          |
|  4 | tester     | Crypt-Password | == | gmxwp4dfOcHAI |
+----+------------+----------------+----+---------------+

In radgroupcheck:

+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | default   | Auth-Type | := | PAP   |
|  2 | admin     | Auth-Type | := | PAP   |
+----+-----------+-----------+----+-------+

In radgroupreply:

+----+-----------+--------------------+----+---------------------+------+
| id | GroupName | Attribute          | op | Value               | prio |
+----+-----------+--------------------+----+---------------------+------+
|  1 | default   | Service-Type       | := | Framed-User         |    0 |
|  2 | default   | Framed-Protocol    | := | PPP                 |    0 |
|  3 | default   | Framed-Compression | := | Van-Jacobsen-TCP-IP |    0 |
|  4 | default   | Framed-MTU         | := | 1500                |    0 |
|  5 | admin     | Service-Type       | := | Administrative-User |    0 |
|  6 | default   | Framed-Routing     | := | None                |    0 |
|  7 | default   | Framed-IP-Netmask  | := | 255.255.255.255     |    0 |
+----+-----------+--------------------+----+---------------------+------+

and the usergroup table:

+----+------------+-----------+
| id | UserName   | GroupName |
+----+------------+-----------+
|  5 | bob        | admin     |
| 10 | tester     | default   |
+----+------------+-----------+

With this setup user tester can dialup, login and setup a ppp connection
and it works.

The one main issue is that the user has to be both in the usergroup table
and the radcheck table for this to work. Is there a way to just have the
username in just radcheck for example? What is needed to setup a default
profile for all users to authenticate via PAP w/o having to set
auth-type=pap? Is that possible?

Thanks for any replies.
Keith



More information about the Freeradius-Users mailing list