Good afternoon All,

If somebody could answer this question for me I would be most grateful.

I have configured freeradius-3.0 and all works well when I am using the users file for authentication. I wish however to use the shadow file and the users file together. I have uncommented the /etc/shadow (my O/S is Solaris 8) line in the radiusd.conf file. I am also running radius with a user that can read the shadow file.

My problem is covered slightly in the radius FAQ but I think I am missing the point, as I wish to use CHAP and PAP. When I use a Windows 2000 machine and configure dialup networking to use "typical recommended settings", i.e. Allow unsecured password, Radius rejects the user's name and password (please see below).

#####OUT PUT FROM radius -X#########################
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 194.216.59.26:1038, id=74, length=105
        User-Name = "gfrost"
        CHAP-Password = "I HAVE REMOVED THIS"
        NAS-IP-Address = 194.216.59.26
        NAS-Port = 20102
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        State = 0x
        Calling-Station-Id = "02089617000"
        Acct-Session-Id = "352283926"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 8
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: Attribute "Password" is required for authentication. Cannot use "CHAP-Password".
modcall[authenticate]: module "unix" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Sending Access-Reject of id 74 to 194.216.59.26:1038
##################END OUT PUT FROM radiusd -X #################

(Sorry if this is becoming a long question.) If I force the dialup connection to use PAP it works fine. This gives me the problem of having to tell my users to choose PAP in their configuration.

When I put the username in the /etc/shadow file and set it to CHAP when it's in the users file. (I wish to use the users file as an exception to the normal configuration, say if the user can use both channels on the ISDN. Something like that.) I thought you could set up the following in the users file so you could use both.

##################TOP OF USERS FILE #######################
DEFAULT Auth-Type := System    # telling radius to look at /etc/shadow first?
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = None,
        Ascend-Assign-IP-Pool = 1,
        X-Ascend-Idle-Limit = 1800,
        Fall-Through = Yes     # Apply to all

a       Auth-Type := Local, Password == "a"    # I use this line to set to CHAP password

aa      Auth-Type := Reject    # I used this line to reject users. In this case the user name is aa
        Service-Type == Login-User,
        Reply-Message = "Mailbox only account. Please Use a different account..",
        Ascend-TS-Idle-Limit = 1
####################################END USERS FILE#####################

Again, sorry if this email has become long-winded, but I'm running out of hair and need some guidance.

Regards
Gareth Frost
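
Added example (not part of the original message, and not FreeRADIUS code): the debug line 'rlm_unix: Attribute "Password" is required for authentication. Cannot use "CHAP-Password"' follows from how CHAP is verified. The sketch below builds a CHAP-Password value as defined in RFC 2865 and shows that the server can check it only against a cleartext password, while PAP can be checked against a one-way hash such as a shadow entry. Assumptions: one_way_hash is a salted SHA-256 stand-in for crypt(3), and the password, salt and challenge are constructed sample values.

```python
import hashlib
import hmac


def chap_password_attr(ident, password, challenge):
    # RFC 2865 CHAP-Password: 1-byte CHAP ident + MD5(ident || password || challenge)
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    return bytes([ident]) + digest


def verify_chap(attr, challenge, stored_secret):
    # The server has to recompute the MD5 itself, so stored_secret must be
    # the cleartext password; a one-way hash of it cannot be substituted.
    if len(attr) != 17:
        return False
    expected = chap_password_attr(attr[0], stored_secret, challenge)
    return hmac.compare_digest(attr, expected)


def one_way_hash(password, salt):
    # Stand-in for crypt(3) as used by /etc/shadow (assumption: salted
    # SHA-256 here, not the algorithm Solaris actually uses).
    return hashlib.sha256(salt + password).digest()


def verify_pap(submitted_password, salt, stored_hash):
    # PAP delivers the password to the server, which can re-hash and compare.
    return hmac.compare_digest(one_way_hash(submitted_password, salt), stored_hash)


# Constructed sample values, not taken from the message above.
PASSWORD = b"example-password"
SALT = b"ab"
CHALLENGE = bytes(range(16))
SHADOW_ENTRY = one_way_hash(PASSWORD, SALT)                 # what the server stores
REQUEST_ATTR = chap_password_attr(74, PASSWORD, CHALLENGE)  # what the NAS sends


def demo():
    return {
        "pap_vs_shadow_hash": verify_pap(PASSWORD, SALT, SHADOW_ENTRY),
        "chap_vs_cleartext": verify_chap(REQUEST_ATTR, CHALLENGE, PASSWORD),
        "chap_vs_shadow_hash": verify_chap(REQUEST_ATTR, CHALLENGE, SHADOW_ENTRY),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Only the third check fails: with nothing but the shadow hash on the server side, a correct CHAP response from the client still cannot be validated.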