Confused what to do next~How to understand FreeRadius

Fajar A. Nugraha list at fajar.net
Tue Sep 27 12:10:39 CEST 2011


On Tue, Sep 27, 2011 at 4:25 PM, snan4love <snan4love at hotmail.com> wrote:
> Here is a first little problem.Right now i could add and delete user in the
> radcheck table of MySQL,but all the passwords were stored in cleartext?

Depending on which tutorial you follow, yes.

> is
> this the only way to store this password?

Nope

> is it safe enough?

Depends. See faq, start from
http://wiki.freeradius.org/FAQ#PAP+authentication+works+but+CHAP+fails

You should be able to store passwords as NT-Password instead of
Cleartext-Password if you only use pap and chap. Considering your
level of knowledge, I don't recommend doing so at this stage though.

> is it could be
> store in the format of ****** like what we set in the wpa-psk mode?

Just because you can't SEE it (i.e. *****) doesn't mean windows or the
AP store it in encrypted format. So your question is not relevant.


>
> Most Seriously, I am confused how to implement the "Authority Step" and
> "Accounting Step".
> For the "Authority Step",in my thought, I should create several different
> GROUPs, each GROUP has different authority,and then divide the users into
> different GROUPs and get different  authority. Is that correct?
> For the "Accounting Step",i used DaloRadius,but found out there are few help
> for this web base management system online, and the MANUAL will cost
> $250.

Sorry, your question makes me confused. At this moment I suggest you
write which tutorial/manual you're following, and ask the
author/community list/forums.

> For example, there are 9 tables in the defalut mysql scheme, like
> radcheck,radacct,nas,radgroup,radgroupreply etc, is there a document to
> describe these features?

Start with doc/rlm_sql. The docs are there for a purpose you know.

-- 
Fajar




More information about the Freeradius-Users mailing list