No Auth in Debian Lenny

Alan DeKok aland at
Tue Apr 20 18:28:20 CEST 2010

Jonathan Hutchins wrote:
> This is the documentation I was working from: 
> Not external after all.

  And not wrong, either.

> Yes, the main documentation is thorough, but while it specifies all off the 
> possible options and configurations, it's a bit difficult to winnow down to a 
> specific, simple example.

  The configuration files come with many, many, examples.  As does the
documentation (doc/ directory, FAQ, Wiki...) Perhaps there is another
place where we could add examples?

> NAS configuration is a perfect example.  It wasn't necessary to worry about it 
> in the 1.x configuration (for poptop at least),

  Because the NAS accepted the standard attributes.  Not all NASes do.

> and it's not clear to me what mechanism 1.x actually used.

  That's the real problem.  If you don't understand the 1.x config, then
2.x (which is slightly more complicated) will be a mystery.

>  I don't actually run a mechanism intended for 
> Network Authentication on my single-server network.  Do I need to worry about 
> PAM or Samba as login servers?  Do I need to worry that the Samba 
> configuration has changed from smbpasswd to tdbsam?

  Does that have any affect on the RADIUS packets?

> It looks to me like whatever the NAS configuration should be, it's working, 
> with the minor detail of parsing the domain or realm from the username.
> The current documentation is an excellent reference for the experienced expert 
> in FreeRADIUS.  It is not so useful as an introduction to someone merely 
> trying to accomplish a simple task.

  Like configuring attributes that go in the Access-Accept?

  What part of the "users" file is hard to understand?  The format and
behavior hasn't really changed in *15 years*.  There are literally
dozens of examples in the "users" file, and hundreds more on the web.

  Alan DeKok.

More information about the Freeradius-Users mailing list