Labis,
Here's the gist of my setup. The only difference is that I'm using MySQL to
store the usernames instead of the users file. When I first tested it, I
just used a line in the user file:
username Auth-Type := System, Password == "Password"
You probably need to set up AAA on the Cisco side as follows:
aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6
radius-server host 10.1.1.200 auth-port 1812 acct-port 1813 key 7 encryptedkeyhere
radius-server retransmit 3
Be very careful after you type 'aaa new-model'. If you log out of the
router, you could lose your local authentication for the router.
In clients.conf I have..............
client 10.1.1.3 {
    secret = secret
    shortname = cisco2600
    nastype = cisco
}
And for radiusd.conf you need............
mschap {
    #
    # As of 0.9, the mschap module does NOT support
    # reading from /etc/smbpasswd.
    #
    # If you are using /etc/smbpasswd, see the 'passwd'
    # module for an example of how to use /etc/smbpasswd

    # authtype value, if present, will be used
    # to overwrite (or add) Auth-Type during
    # authorization. Normally should be MS-CHAP
    authtype = MS-CHAP

    # if use_mppe is not set to no mschap will
    # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
    # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
    # use_mppe = yes

    # if mppe is enabled require_encryption makes
    # encryption moderate
    # require_encryption = yes

    # require_strong always requires 128 bit key
    # encryption
    # require_strong = yes
}
authorize {
    ...
    files
    mschap
}
authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
}
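An added example (not part of the original message, and not Cisco or FreeRADIUS tooling): a small Python check for the lockout risk mentioned above, run against the AAA lines from this message. It assumes that the `local` method needs at least one `username ... password|secret` line on the router and that `local` listed after `group radius` is only reached when the RADIUS server does not respond; `lint_aaa` and the sample account line are hypothetical.

```python
import re

# AAA lines as posted in the message above (the key is the author's placeholder).
PAGE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
radius-server host 10.1.1.200 auth-port 1812 acct-port 1813 key 7 encryptedkeyhere
"""

LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
USER_RE = re.compile(r"^username \S+ .*(password|secret) ")


def lint_aaa(config):
    """Return lockout-risk findings for the login method lists in an IOS config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if "aaa new-model" not in lines:
        return []  # AAA is not enabled, so the method lists are not in effect
    has_user = any(USER_RE.match(ln) for ln in lines)
    has_radius = any(ln.startswith("radius-server host ") for ln in lines)
    findings = []
    for ln in lines:
        m = LOGIN_RE.match(ln)
        if not m:
            continue
        name, methods = m.group(1), m.group(2).split()
        if "radius" in methods:
            if not has_radius:
                findings.append(f"{name}: 'group radius' but no radius-server host")
            if methods[-1] == "radius":
                findings.append(f"{name}: no fallback after 'group radius'")
        if "local" in methods and not has_user:
            findings.append(f"{name}: uses 'local' but no local username is defined")
    return findings


if __name__ == "__main__":
    for finding in lint_aaa(PAGE_CONFIG):
        print("WARN", finding)
    # Constructed local account line; <hash> is a placeholder, not a real value.
    fixed = PAGE_CONFIG + "username admin secret 5 <hash>\n"
    print("after adding a local user:", lint_aaa(fixed))
```

Run it on the candidate configuration before logging out of the session in which `aaa new-model` was entered.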
----- Original Message -----
From: "labis siegfried" <[EMAIL PROTECTED]>
To: "Steven Fries" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 15, 2003 8:40 AM
Subject: Re: MS-CHAP problem
> It doesn't work. Can I have your config? But I don't use MySQL, I use a Cisco
> router.
>
> At 08:16 15/07/03 -0500, Steven Fries wrote:
> >you only need...........
> >
> >username Auth-Type := System, User-Password="pass"
> >
> >simple. I just configured mysql with MS-CHAP so if you want that config, I
> >can send it to you.
> >
> >Steven
> >
> >----- Original Message -----
> >From: "labis siegfried" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Tuesday, July 15, 2003 5:27 AM
> >Subject: MS-CHAP problem
> >
> >
> > > I have a problem with MS-CHAP, the authentication does not work
> > >
> > > my config :
> > >
> > > name Auth-Type := Local , Auth-Type += MS-CHAP , User-Password == "pass" ,
> > > Password == "pass" , CHAP-Password == "pass"
> > > Service-Type = Framed-user,
> > > Framed-protocol = PPP,
> > > Fall-Through = Yes
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html