authenticate, I don't need accounting. I have included the radiusd.conf file now in effect.
The dialup provider is using PAP to access our server. When I test this setup, it only works
(using the NTRadPing thing) if I specify CHAP. The online freeradius.org doc links are broken
and the RADIUS book does not discuss forcing choice of PAP or CHAP so far as I could find
in the contents, index or by skimming sections.
My question is, how do I force FreeRADIUS to do PAP authentication and not do CHAP?
Thanks in advance.
-ecsd
################################################################################
# radiusd.conf -- FreeRADIUS server configuration file.
################################################################################
# Installation layout. Every path is written out literally (no ${prefix}-style
# references), so moving the install means editing each line.
prefix = /usr/local
exec_prefix = /usr/local
sysconfdir = /usr/local/etc
localstatedir = /var
sbindir = /usr/local/sbin
logdir = /var/log
raddbdir = /usr/local/etc/raddb
radacctdir = /var/log/radacct
confdir = /usr/local/etc/raddb
run_dir = /var/run
################################################################################
# Main server log and PID file.
log_file = /var/log/radius.log
libdir = /usr/local/lib
pidfile = /var/run/radiusd.pid
# Both lines are commented out, so no unprivileged account is configured here.
# NOTE(review): the daemon then presumably keeps the identity it was started
# with (often root) -- confirm, and consider a dedicated user/group that can
# still read raddb and write the log/run directories.
#user = nobody
#group = nobody
# Request handling limits: per-request time limit (seconds), how long a reply is
# kept for retransmits, and the number of requests tracked at once.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
#bind_address = *
# The listening address was redacted by the poster; the wildcard form is left
# commented out above, so the server binds to one specific address.
bind_address = (suppressed for privacy)
#<>ecsd
# 1645 is the historical RADIUS authentication port; the assigned port is 1812.
# The NAS has to send to whichever port is set here.
port = 1645
hostname_lookups = no
# Core dumps are disabled. A core file of this process could contain shared
# secrets and user passwords, so "no" is the safer setting.
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# no:
# Authentication requests are logged, but the password is not written to the log
# for either rejected or accepted requests. When debugging a PAP problem it is
# tempting to switch these on; doing so puts cleartext passwords into
# /var/log/radius.log, so restore "no" afterwards and check the log permissions.
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
# User names and passwords are compared as received: no lower-casing and no
# whitespace stripping.
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
# Path to the checkrad helper program.
checkrad = /usr/local/sbin/checkrad
################################################################################
# SECURITY CONFIGURATION
# Packet-level hardening knobs.
security {
# Upper bound on the number of attributes accepted in one packet.
max_attributes = 200
# Seconds to wait before sending an Access-Reject; slows down password guessing.
reject_delay = 1
# Status-Server requests are not answered.
status_server = no
}
################################################################################
# PROXY CONFIGURATION
# Proxying is off: every request is handled locally.
proxy_requests = no
################################################################################
# CLIENTS CONFIGURATION
# clients.conf is not shown in this post. It normally holds the NAS definitions
# and their shared secrets. With PAP the User-Password attribute is protected in
# transit only by that shared secret, so the secret should be long and random and
# the file readable by the server account only -- verify both.
$INCLUDE /usr/local/etc/raddb/clients.conf
################################################################################
# SNMP CONFIGURATION
snmp = no
################################################################################
# THREAD POOL CONFIGURATION
# Worker thread pool: 5 threads at start, at most 10, with 3 to 10 kept idle.
thread pool {
start_servers = 5
max_servers = 10
min_spare_servers = 3
max_spare_servers = 10
# 0 here presumably means a thread is never retired after a fixed number of
# requests -- confirm against the documentation for the installed version.
max_requests_per_server = 0
}
################################################################################
# MODULE CONFIGURATION
# Module instances. Defining a module here does not run it; it runs only where
# it is listed in authorize/authenticate/preacct/... further down.
# NOTE(review): two spots below look like paste artifacts -- the closing brace of
# "always fail" shares a line with "always reject {", and the closing brace of
# "exec" shares a line with "input_pairs = request". Verify that the live file
# has each brace on its own line.
modules {
# PAP: the stored password is treated as a crypt() hash.
# NOTE(review): the users file is not shown. CHAP verification needs the
# cleartext password on the server, so a password entry that works for CHAP is
# cleartext and would presumably not match under "crypt". Check that the scheme
# here agrees with how the users file stores passwords.
pap {
encryption_scheme = crypt
}
# CHAP: handles requests whose Auth-Type is CHAP.
chap {
authtype = CHAP
}
# PAM instance using the "radiusd" PAM service name. Not referenced by any
# section in this file.
pam {
pam_auth = radiusd
}
# System account lookups. Caching is off and the explicit passwd/shadow/group
# paths are commented out.
unix {
cache = no
cache_reload = 600
# passwd = /etc/passwd
# shadow = /etc/shadow
# group = /etc/group
radwtmp = /var/log/radwtmp
}
mschap {
authtype = MS-CHAP
}
# Realm handling for names of the form 'user@realm' (the original comment was
# mangled by address redaction in the archive).
# '[EMAIL PROTECTED]'
realm suffix {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Request pre-processing: huntgroups and hints files, all vendor hacks disabled.
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
# The users file drives authorization. It holds per-user password entries, so it
# should be readable by the server account only.
files {
usersfile = /usr/local/etc/raddb/users
#acctusersfile = /usr/local/etc/raddb/acct_users
compat = no
}
# Accounting detail files, one directory per client address, owner-only (0600).
detail {
detailfile = /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
# Session database, owner-only (0600), with caller id recorded.
radutmp {
filename = /var/log/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
# Second session database with mode 0644, i.e. readable by every local user;
# caller id is left out of this copy. It still exposes who is logged in.
radutmp sradutmp {
filename = /var/log/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = /usr/local/etc/raddb/attrs
}
# counter daily {
# filename = /usr/local/etc/raddb/db.daily
# key = User-Name # count-attribute = Acct-Session-Time
# reset = daily
# counter-name = Daily-Session-Time
# check-name = Max-Daily-Session
# allowed-servicetype = Framed-User
# cache-size = 5000
# }
# Fixed-result instances: fail, reject and ok.
always fail {
rcode = fail
} always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
#wait = yes
input_pairs = request }
# Runs /bin/echo with the User-Name from the request expanded into the command
# line; that value is supplied by the client. No section in this file lists
# "echo", so it does not appear to be invoked.
# NOTE(review): before enabling it, confirm how the installed version quotes
# expanded attributes when building the argument list.
exec echo {
#wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
#packet_type = Access-Accept
}
}
################################################################################
# Instantiation
# Nothing is instantiated explicitly; both entries are commented out.
instantiate {
#exec
#expr
}
################################################################################
# Authorization runs preprocess and then the users file; realm handling
# (suffix) and auth logging are commented out.
# NOTE(review): no protocol-specific module is listed here, so the Auth-Type a
# request ends up with presumably comes from the users file or the server's
# defaults -- check the users file for Auth-Type settings.
authorize {
preprocess
# The modules section of this file defines no "detail auth_log" instance, so
# enabling auth_log would also require adding that definition.
# un-comment the following line, and the 'detail auth_log' section, above.
#auth_log
#suffix
files
}
################################################################################
# Authentication.
# Dispatch by Auth-Type: PAP requests go to the pap module and CHAP requests to
# the chap module; system (unix) authentication is commented out. Nothing in this
# section forces one protocol over the other. A RADIUS request carries either a
# User-Password attribute (PAP) or a CHAP-Password attribute (CHAP), so the
# protocol is chosen by the NAS/test client.
# Trade-off to keep in mind: PAP lets the server store hashed passwords but
# relies on the shared secret to protect the password in transit; CHAP keeps the
# password off the wire but requires the cleartext password on the server.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
#unix
}
################################################################################
# Accounting pre-processing: preprocess and files only; acct_unique is disabled.
preacct {
preprocess
#acct_unique
files
}
################################################################################
# The remaining sections are all empty: no accounting records are written, no
# session tracking is done, and nothing runs after authentication or around
# proxying. The detail, radutmp and sradutmp instances defined under modules are
# therefore not used by this configuration.
accounting {
}
################################################################################
session {
}
################################################################################
post-auth {
}
pre-proxy {
}
post-proxy {
}
################################################################################

