While i'm in a posting mood :) On Wed, May 29, 2002 at 02:00:55PM -0400, Deramus, Chris wrote: > Alan, > > Thanks for your quick response, I will definitely give this a try. I like > this product and I think it'll work out great once I can finish the > configuration but let me ask you this. I realize this isn't your problem but > I just wanted to see what you might suggest. If I set the Auth-Type to > Local, and then use lets say PAP for example to internally authenticate.
If you set Auth-Type to Local you won't be using PAP to authenticate, set Auth-Type to PAP if you wan't PAP. Local will (i think) only let you use cleartext passwords (and CHAP?) if i'm reading the source correctly. > We're trying to set up a web front, where all of this stuff can be changed > without having to know any linux commands or mysql commands. I have the web > front basically done, but tying it into FreeRadius would be nearly > impossible from what I'm understanding. That means the password needs to > also be stored in one of the configuration files correct? Such as > clients.conf? Or is PAP just used to verify the password stored in the SQL > database? Nono, you can store the password in the (per default) radcheck table in the sql database. PAP (for example) is, like you said, only used to verify the password returned from the sql module. PAP can check cleartext, crypt and md5 passwords at the moment. clients.conf is used for the secrets etc. for communicating with other 'clients', NAS'es etc, and has nothing to do with the actual user authentication, i think you meant the 'users' file above. You can also set the Auth-Type attribute in the radgroupcheck table if you want to avoid the users file alltogether. Ie. you never need to touch anything other then the sql database with your web frontend. -- Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
