"Phillip Ames" <[EMAIL PROTECTED]> wrote:
> I have been able to get Free Radius to authenticate from a router
> using CHAP. The problem with this is that the passwords are stored
> in plain text in the users file on the authentication server.
See the FAQ. This isn't much of a problem.
> 1. It seems that the authentication method is chosen by the client(in
> this case the router) - please correct me if I am wrong on this assumption.
See recent posts to the list. The choice of the user doing PAP or
CHAP is not up to the RADIUS server.
> 3. How do I set up PAP for the Free Radius server?
Huh? You don't have to do anything. It automatically supports PAP.
> I'd also rather not add an account to my /etc/passwd file for all
> the users who need to authenticate with this system, so I looked
> at the rlm_passwd module. It seems like this might be a better
> route if I use the "authtype = crypt" config line to make sure the
> passwords are crypted.
... on the server. Which means you can't do CHAP, EAP-MD5, or a
host of other authentication methods.
> Would the
> following be the correct way of setting up that type of configuration?
>
> passwd etc_raddb_mypasswdfile {
> filename =3D ${raddbdir}/mypasswdfile
> format =3D "*User-Name::Password"
Possibly. I don't use rlm_passwd, so I'm less familiar with it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
