"Scott Bartlett" <[EMAIL PROTECTED]> wrote:
> My users file has nothing in it's DEFAULT section setting auth-type
> (only some PPP parameters (?)). I have an 'auth-type=local' entry in
> radgroupreply for each group we have. I removed the auth-type entry for
> a test group from the database ... and a user in that group can still
> log in just fine. Basically, there is now no auth-type set anywhere
> explicitly for that user, their group, or DEFAULT, but it still seems to
> work.
Yes. See 'src/main/auth.c'.
If you supply a User-Password from a back-end ('users' file, SQL,
etc), and the request has a User-Password or CHAP-Password, then
'Auth-Type := Local' is assumed.
I think it would be prudent to add a warning message about this
misconfiguration, since it may change in the future.
> Based on the feedback to this thread, I should probably adjust that web
> page to indicate that the auth-type should go in rad(group)check and not
> rad(group)reply, yes? (and I'm off to re-re-read the docs again...
> Heh...)
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
