huntgroups are failing auth - missing Chap Password

Terry Pelley Terry.Pelley at ocdsb.ca
Wed May 14 13:19:23 CEST 2008


Thanks to all who offered assistance.  I figured it out.

FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
writes:
>
>FreeRadius users mailing list <[
>mailto:freeradius-users at lists.freeradius.org
>]freeradius-users at lists.freeradius.org> writes:
>>I must be missing something here, likely due to my limited experience
>with
>>FreeRADIUS. 
>
>No, all you have to do is to be able to read. With care and understanding.
>
>OK, I'll Re-read again.
>
>>After re-reading the instructions in the users file the only
>>thing I can see that is relevant when using huntgroups is an entry for a
>>user that has no User-Password attribute assigned which I assume means
>>that the default Auth-Type System will kick in and look the password up
>in
>>an other file someplace.  What I don't know is the location of this file
>>and how to go about adding the password for my users.
>
>Forget hungroups. That part is fine. Password attribute is the problem.
>So you have re-read instructions in users file. Did you find
>User-Password used in any of the examples? Or perhaps some other
>password attribute? The one that debug suggests is missing?
>
>As I said before, the only example of using a huntgroup I can see in the
>users file does not list a password attribute at all. so assuming that I
>should set the attribute to either CHAP-Password =="password" or
>Cleartext-Password == "password" I tried both and of course neither works.
>
>testuser Huntgroup-Name =="testgroup", CHAP-Password == "password" yields
>the same error as having used Cleartext-Password, User-Password or no
>password at all.
>
>>
>>Is the use of a huntgroups file the best way for me to accomplish what I
>>am trying to do? I want to limit user Bob so that he can only login from
>>one specific access point.
>>
>
>For a single device NAS-IP-Address should be better (avoiding use of
>huntgroups). For a groups of devices hungroups work well as long as the
>(hunt)groups don't overlap.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>-
>List info/subscribe/unsubscribe? See [
>http://www.freeradius.org/list/users.html
>]http://www.freeradius.org/list/users.html
>
> -
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080514/5b2655d5/attachment.html>


More information about the Freeradius-Users mailing list