Hi Shawn,
Thanks a million... This worked perfectly :) I've created the Auth-Type as
a group-check however (it would just seem easier to maintain / admin in
large scale environments), but so far, all is well. My tests on PAP and
CHAP is now working.
--
me
----- Original Message -----
From: "Shawn O'Shea" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 4:11 PM
Subject: Re: PAP & CHAP
I've been using this in my authenticate block for awhile and it seems to
work fine with UUNet for the dialup we resell from them:
authtype UUNET {
chap
pap
}
and just match it with Auth-Type := UUNET for an entry in the users file.
-Shawn
On Fri, 10 Jan 2003, Chris Knipe wrote:
> Hi,
>
> I tried this, and it still did not work :( Maybe I am missing
something...
> Bellow's the relevant snippets from my configuration...
>
> modules {
> pap {
> encryption_scheme = clear
> }
>
> chap {
> authtype = CHAP
> }
> }
>
> authorize {
> preprocess
> attr_filter
> suffix
> files
> chap
> sql
> }
>
> # Authentication.
> authenticate {
> authtype PAP {
> pap
> }
>
> authtype CHAP {
> chap
> }
> }
>
> --
> me
>
>
> ----- Original Message -----
> From: "3APA3A" <[EMAIL PROTECTED]>
> To: "Chris Knipe" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, January 09, 2003 10:55 AM
> Subject: Re: PAP & CHAP
>
>
> > Dear Chris Knipe,
> >
> > Set Auth-Type to PAP, add chap module to authorize section and make sure
> > you have
> >
> > chap {
> > authtype = CHAP
> > }
> >
> > in module configuration. In this case default authentication will be
> > PAP, but if CHAP-Password attribute will be found in request Auth-Type
> > will be changed to CHAP during authorization. This behavior is explained
> > in doc/rlm_mschap for MS-CHAP authentication which is very similar to
> > CHAP.
> >
> > --Thursday, January 9, 2003, 6:47:32 AM, you wrote to
> [EMAIL PROTECTED]:
> >
> > CK> Lo everyone,
> >
> > CK> I think I have a little bit of a problem (or maybe not)...
> >
> > CK> I want to use PAP and CHAP authentication... Basically, a user
should
> be
> > CK> able to authenticate using PAP or CHAP... I've created a group
> attribute
> > CK> request (Auth-Type := PAP as well as Auth-Type := CHAP). However,
> > CK> Freeradius only takes the first one it gets from the database (PAP),
> and
> > CK> disregards the CHAP.
> >
> > CK> I know this is stupid, but I am presuming that Auth-Type is sent
from
> the
> > CK> NAS to the Radius server in any case? How can do I get freeradius
to
> accept
> > CK> both password types? My PAP is stored cleartext to make it
compatible
> with
> > CK> CHAP, and when I manually remove PAP for CHAP I can authenticate
using
> both
> > CK> types... Right now though, I don't really see a way how I can use
both
> at
> > CK> the same time on the same accounts?
> >
> > CK> --
> > CK> me
> >
> >
> > CK> -
> > CK> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
> > --
> > ~/ZARAZA
> > ������� �� ������ ���, �� ��������� ������������. ����������� ��� �.
> (����)
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
Shawn K. O'Shea
Sr. Unix Administrator
DSL.net, Inc.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
