We are in the process of setting up Radius to work with Wcom/UUNet resell as well. If you could share your user config with me so I could see how the setup looks (I assume yours is working), it would save me a lot of time trying to understand their less than adaquate documentation on how to set it up to meet their needs.
I would owe you a big one and will even help research the Chap issue for you. I will be testing with Wcom tomorrow and have a small window so any guidance you have would be appreciated. If you send you users file, just comment out your passwords and such. Thanks Michael -----Original Message----- From: Shawn O'Shea [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 3:43 PM To: [EMAIL PROTECTED] Subject: CHAP-Password & LDAP Auth? I'm currently using Steel Belted Radius w/ UU.net and trying to replicate the functionality of our stell belted server w/ freeradius. Basically we take incoming proxied auth requests from UU, auth them, and reply back to the proxy. I grabbed some of the inbound packets off the wire so I could look at what attributes we're recieving, so that I could build similar looking access requests with radclient. My problem is that the packets from them send the password as CHAP-Password attribute. If I set this in my test data for radclient, my freeradius 0.5 server says: Wed Mar 20 15:35:57 2002 : Auth: rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password". Wed Mar 20 15:35:57 2002 : Auth: Login incorrect: [{ed: whatever username -sko}/<CHAP-Password>] (from nas UNKNOWN-NAS port 0 cli 8475061520) If I use just User-Password, this works like a dream. Any suggetions? -Shawn Shawn K. O'Shea Sr. Unix Administrator DSL.net, Inc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -----Original Message----- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 4:13 PM To: [EMAIL PROTECTED] Subject: Re: CHAP-Password & LDAP Auth? Shawn O'Shea <[EMAIL PROTECTED]> wrote: > My problem is that the packets from them send the password as > CHAP-Password attribute. If I set this in my test data for radclient, > my freeradius 0.5 server says: Wed Mar 20 15:35:57 2002 : Auth: > rlm_ldap: Attribute "User-Password" is required for authentication. > Cannot use "CHAP-Password". See the FAQ for further explanation. > Wed Mar 20 15:35:57 2002 : Auth: Login incorrect: > [{ed: whatever username -sko}/<CHAP-Password>] (from nas UNKNOWN-NAS > port 0 cli 8475061520) > > If I use just User-Password, this works like a dream. Any suggetions? Don't use CHAP. From what I recall, the LDAP module tries to authenticate to the LDAP server, usin g the username/password supplied in the packet. Therefore, it needs access to the plain-text password, as it's telling you. The alternative is to use a DB which stores the password in clear text. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
