Re: Directions followed, No go

Thu, 28 Mar 2002 05:12:12 -0800 

On Thu, 28 Mar 2002, Michael S. McCollough wrote:

> I have included both of my files. If I have done anything other than what
> you directed then I will eat crow (good training for Fear Factor anyway). It
> is still using Auth type=ldap for PAP. I am using 0.5 from CVS. I am usually
> pretty good at following directions.
>
> Here is my users file (I also had DEFAULT Auth-Type = PAP with a
> Fall-Through=Yes below configured before another section DEFAULT Suffix ==
> "@planetez.net"
>
>
> DEFAULT Auth-Type = PAP,Suffix == "@planetez.net"
>       Service-Type = Framed-User,
>       Framed-Protocol = PPP,
>       X-Ascend-Data-Filter = "ip in forward tcp est",
>       X-Ascend-Data-Filter = "ip in forward dstip 65.216.115.16/32",
>       X-Ascend-Data-Filter = "ip in drop tcp dstport = 25",
>       X-Ascend-Data-Filter = "ip in forward",
>
>
> Here is radiusd.conf:
>
> [....]
>
> authorize {
>       preprocess
>       chap
>       files
>       ldap
>       suffix   <------ Hmmmm
> }

You have the realms module after the files module. It should probably be before.
Also try puting
DEFAULT Auth-Type = PAP

on a line of its own. It would be best to put it in the first line in the users
file and put a
Fall-Through = Yes after that

Hope this helps.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf

>
>
> authenticate {
> #     pam
>       chap
>       authtype PAP {
>       pap
>       }
> }
>
>
> preacct {
>       files
>       preprocess
> }
>
>
> accounting {
>       detail
>       unix
>       radutmp
> }
>
>
> session {
>       radutmp
> }
>
> -----Original Message-----
> From: Kostas Kalevras [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 28, 2002 4:06 AM
> To: Michael S. McCollough
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: CHAP-LDAP PAP-LDAP
>
>
> On Wed, 27 Mar 2002, Michael S. McCollough wrote:
>
> > I noticed in radiusd -X that PAP trys to bind to the ldap directory
> > where CHAP appears to do a simple search/read The bind status does not
> > show up in the debug. Is there a way to make PAP behave like CHAP with
> > the ldap module?
>
> You would have saved yourself a lot of trouble if you just copied the
> configuration I sent in my email. In any case let me explain what is
> happening. You have in your authorize section:
>
> authorize {
>       chap
>       ldap
>       files
> }
>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to