"Enterprise.net" <[EMAIL PROTECTED]> wrote: > My problem is covered slightly in the radius FAQ but I think i am missing > the point. As I wish to use CHAP and PAP.
If you're authenticating against /etc/shadow, you CANNOT use CHAP. > When I use a windows 2000 machine and configure dialup networking to use > "typical recommended settings" > i.e. Allow unsecured password. Radius rejects the users name and password > (please see below) ... > rad_check_password: Found Auth-Type System > auth: type "System" > modcall: entering group authenticate > rlm_unix: Attribute "Password" is required for authentication. Cannot use > "CHAP-Password". And it's telling you it can't use CHAP. > If I force the dialup connection to use PAP it works fine. Yes, that's what the FAQ says. > This gives me the problem of having to telling my users to choosing > PAP in their configuration. When I put the username in the > /etc/ahadow file and set it to CHAP when its in the users file. (I > wish to use the users file as an exception to the normal > configuration say if the user can use both channels on the > ISDN. Something like that) No... you can use PAP for both system and 'users' file authentication. > I thought you could set up the following in the users file so you could use > both. > ##################TOP OF USERS FILE ####################### > DEFAULT Auth-Type := System # telling radius to look at /etc/shadow > first? ... No, it's saying "by default, use System' > a Auth-Type := Local, Password == "a" # I Use this line to set to > CHAP password No, the 'Password' can be used either for PAP or CHAP. If you have that 'users' file configuration, you can tell all of the users to use PAP. It will work for everyone, and for system and 'users' file authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
