Greetings, happy holidays and all of that good stuff..

        I'm finally getting around to migrating our RADIUS solution over to
FreeRadius, and I've noticed a few issues; hopefully they're easy. In my
users file I have around 45 users that have specific properties. Some of
them are Dedicated Dial-Up, some of them are Dual channel ISDN with static
IP, some of them are Dedicated Dual channel ISDN with static IP. I'm having
some problems making my old users file entries jibe with the FreeRadius
lingo.

test             Password == "removedtoprotecttheinnocent"
                Service-Type = Framed,
                Framed-Protocol = MPP,
                Ascend-Maximum-Time = 18000,
                Framed-IP-Address = 209.22.201.121,
                Framed-IP-Netmask = 255.255.255.248,
                Ascend-Idle-Limit = 900,
                Ascend-Maximum-Channels = 2,
                Framed-Routing = None,
                Fall-Through = "1"
                
Doom                Password == "thepassword"
                Service-Type = Framed,
                Framed-Protocol = MPP,
                Ascend-Maximum-Time = 18000,
                Framed-IP-Address = 209.54.37.66,
                Framed-IP-Netmask = 255.255.255.255,
                Ascend-Idle-Limit = 900,    
                Ascend-Maximum-Channels = 2,
                Framed-Routing = None,  
                Fall-Through = "1"

        Now, 99% of my users use PAP and authenticate via the SYSTEM
method; this works excellently. However, it seems that anyone who has a
password listed in the users file automatically 'requires' CHAP. Is there a
way to make it 'allow CHAP if it has a password in users, but not REQUIRE
CHAP'? We were using an old version of Merit AAA (it didn't even support
CHAP), but when we had users listed in the users file, it would allow them to
auth via PAP just like everyone else.

        Another problem I noticed is that there is a difference between
what FreeRadius should be sending back to the NAS and what it is sending
back to the NAS.

Example.

For the 'Doom' account.

The doom account is basically getting all of the attributes of the DEFAULT
account... but it should be using its own account specific attributes.

DEFAULT Auth-Type = System
        Fall-Through = "1",
        Service-Type = Framed-User,
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Ascend-Maximum-Time = 18000,
        Ascend-Idle-Limit = 900,
        Ascend-Maximum-Channels = 1

I have the default entry listed at the top of the file.

Anyone have any ideas?

-Drew
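
A simplified model of the reply-item merge behind the behaviour described for the 'Doom' account, added here as an illustration; it is not part of the original post and is not FreeRADIUS code. It assumes the documented users file semantics (entries are tried top to bottom, `=` adds a reply item only if that attribute is not already in the reply, `:=` replaces it, and processing continues only while Fall-Through is set); `parse_entries` and `build_reply` are hypothetical names, and the two entries are abridged from the post.

```python
import re

# Entries abridged from the post above (constructed sample input).
DEFAULT_ENTRY = '''DEFAULT Auth-Type = System
        Fall-Through = "1",
        Service-Type = Framed-User,
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Framed-Protocol = PPP,
        Ascend-Maximum-Channels = 1
'''
DOOM_ENTRY = '''Doom    Password == "thepassword"
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Framed-IP-Address = 209.54.37.66,
        Ascend-Maximum-Channels = 2,
        Fall-Through = "1"
'''

def parse_entries(text):
    """Return [(name, [(attr, op, value), ...])] in file order."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():  # entry header: name + check items (not modelled)
            entries.append((raw.split()[0], []))
            continue
        attr, op, value = re.match(r"\s*([\w-]+)\s*(:=|=)\s*(.+?),?\s*$", raw).groups()
        entries[-1][1].append((attr, op, value.strip('"')))
    return entries

def build_reply(entries, user):
    """Merge reply items of every entry matching `user`, top to bottom."""
    reply = {}
    for name, items in entries:
        if name not in (user, "DEFAULT"):
            continue
        fall_through = False
        for attr, op, value in items:
            if attr == "Fall-Through":
                fall_through = value.lower() in ("1", "yes")
            elif op == ":=" or attr not in reply:  # "=" never overrides an earlier value
                reply[attr] = value
        if not fall_through:
            break
    return reply

if __name__ == "__main__":
    for label, text in (("DEFAULT first", DEFAULT_ENTRY + DOOM_ENTRY),
                        ("DEFAULT last", DOOM_ENTRY + DEFAULT_ENTRY)):
        print(label, build_reply(parse_entries(text), "Doom"))
```

With DEFAULT listed first, every attribute it sets is already in the reply when the 'Doom' entry is reached, so the account-specific `=` items are skipped; with DEFAULT listed last, it only fills in attributes the user entry left unset.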


