On Tue, 15 Jan 2002, Chris Green wrote:
> Frank Cusack <[EMAIL PROTECTED]> writes:
> >
> > Looks like you need to update the dictionary? There's probably a
>
> Ahh I missed this step on a cvs update, this did stop the crashes as
> well as the CVS update.
>
> [ scurries to work a bit more ]
>
> Right now I'm trying to figure out how to get the auth_type to not be
> LDAP and instead do the ms_chap module activities in
> rad_check_password
>
> in users, I've tried
>
> DEFAULT Auth-Type := Local
> Fall-Through = 1
>
> as well as
>
> DEFAULT Auth-Type := MSCHAP
> Fall-Through = 1
>
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok
> modcall[authorize]: module "mschap" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type LDAP
> authtype count: 1
> auth: --- type "Ldap"
> auth: Failed to validate the user.
>
> the --- and authtype count were my own edits to see where things were
> being set
>
> currently
>
> authorize {
> ldap
> mschap
> }
>
> and
>
> authenticate {
> authtype MSCHAP {
> mschap
> }
> }
>
> I've also tried
>
> authenticate {
> mschap
> }
>
> and no matter what, it always seems to come up with
>
> rad_check_password: Found Auth-Type LDAP
>
> and that fails and a access-reject packet is sent
> --
> Chris Green <[EMAIL PROTECTED]>
> A watched process never cores.
First of all you don't have the files module in the authorize section of
radiusd.conf. That means that whatever you put in the users file will not be
read. Also, the ldap module will set the Auth-Type to LDAP if it has not been
already set. So it should be put after any other module which needs to set the
Auth-Type (like mschap,chap etc). So the config for the authorize section should be:
authorize{
mschap
files
ldap
}
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
