Re: EAP/MD5,CHAP O.K - PAP Fails

Mon, 09 Sep 2002 04:49:43 -0700 

On Mon, 9 Sep 2002, [iso-8859-1] J�rgen Wei� wrote:

> High List
>
> I have problem concerning freeradius 0.7 on an RedHat 7.3 Operating
> system.
> EAP/MD5 and Chap works fine in conjunction with LDAP. But PAP
> authentification fails.
> Any hints or suggestions where I make an mistake !
>
> ########################## Start: radiusd.conf #########################
>
>
>
> modules {
>
>  ...
>
>  eap {
>   md5 {
>   }
>  }
>
>  chap {
>  }
>
>  mschap {
>   authtype = MS-CHAP
>  }
>
>  pap {
>   encryption_scheme = clear
>  }
>
>  ldap {
>   server = "ldap.uni-oldenburg.de"
>   identity = "cn=......................................."
>   password = .......
>   basedn = "ou=Radius,ou=Account,dc=uni-oldenburg,dc=de"
>   filter = "(uid=%u)"
>   start_tls = no
>   dictionary_mapping = ${raddbdir}/ldap.attrmap
>   ldap_connections_number = 15
>   password_attribute = userPassword
>   timeout = 4
>   timelimit = 3
>   net_timeout = 1
>  }
>
>  ...
> }
>
>
>
> authorize {
>  preprocess
>  chap
>  ldap
>  eap
>
>
> }
>
>
> authenticate {
>  eap
>  authtype CHAP {
>   chap
>  }
>  authtype PAP {
>   pap
>  }
>
> }
>
> ....
>
> ########################## End: radiusd.conf #########################
> ########################## Start: users      #########################
>
> DEFAULT Auth-Type := Local
>  Fall-Through = 1
> DEFAULT Auth-Type := System
>  Fall-Through = 1
>
> ########################## End:: users      #########################

Hint 1: You don't have the files module listed in your authorize section.

Hint 2: You don't set the Auth-Type to PAP.

Hint 3: Don't use the := operator for Auth-Type. CHAP will not work if you do
that

I would suggest something like this:

authorize{
  preprocess
  chap
  eap
  files
  ldap
}

users:

DEFAULT Auth-Type = PAP

or you could just leave the users file blank, add the ldap module in the
authenticate section and let it handle the PAP requests.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to