PAP questions.

Keith Woodworth kwoody at citytel.net
Thu Sep 14 05:20:20 CEST 2006


On Sat, 9 Sep 2006, Keith Woodworth wrote:

|->|->
|->|->> And while Radius seems to send an Access-Accept, the dialup user gets an
|->|->> error 691 password invalid.
|->|->
|->|->  Because you're not sending the same reply attributes as in the
|->|->previous example.  Fix that.
|->|->
|->|->> Again I get Access-Accept, but a 691 password error on the client side.
|->|->
|->|->  Again because the replies are empty.
|->
|->Just testing a different way to do this I setup the users file with:
|->
|->DEFAULT Service-Type = Framed-User
|->        Framed-Protocol = PPP,
|->        Framed-Routing = None,
|->        Framed-IP-Netmask = 255.255.255.255,
|->        Framed-Compression = Van-Jacobsen-TCP-IP,
|->        Framed-MTU = 1500
|->
|->Now when I try to login:
|->

Again had to put this aside for a few days (really starting to grind on
me, its a wonder I actually get any work done)

Anyway so started in again on this.

One thing overall I think that has confused me is that I was trying to do
everything from SQL, which now I dont think I need to do.

Basicall: Have a user and their crypted password stored in SQL, have
radius query the database for that info, if its ok, start a PPP session.

Only way I could get that to work was have the username in both the
radcheck AND usergroup tables.

I didnt want it to work that way as it would be extra work to populate the
database from our current radius setup, which uses Auth-Type System.

I think I have figured it out, though not sure if its the correct way. Use
a combination of users(5) and SQL.

Have the user and password in radcheck, auth-type=local in radgroupcheck
and use the users(5) file to do the rest and it seems to finally work.

My users file:

DEFAULT
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = None,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobsen-TCP-IP,
        Framed-MTU = 1500

Using it like this works.

But as soon as I use it this way:

DEFAULT Service-Type = Framed-User
        Framed-Protocol = PPP,
        Framed-Routing = None,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobsen-TCP-IP,
        Framed-MTU = 1500

Why does the top way work and the bottom way not? And is this an
acceptable way to do it? Store the users and passwords in SQL and have the
Users file supply the rest?

Thanks,
Keith



More information about the Freeradius-Users mailing list