Andreas Haumer <[EMAIL PROTECTED]> wrote:
> The biggest problem currently is IMHO the huge amount of
> outdated or semi-complete documentation one will find out
> there when using google or the mail-archives!
Submit some documentation, and we'll include it.
But the documentation should consist of a few simple, clear steps to
take, with as little changes as possible to the default configuration.
e.g.
1) configure user && clear-text password in "users" file
test authentication protocols
2) configure LDAP module, and uncomment references to ldap in radiusd.conf
test that the server works
3) delete the entry in (1) from the "users" file
ensure you have a TEST user with clear-text password in ldap
(Yes, I know you want to use samba && nt-password, that will come later)
test authentication protocols
4) add ntpassword for TEST user in ldap, and delete clear-text password
test PAP && MS-CHAP. CHAP won't work.
5) test it with a real user.
The problem most people have is that they try to configure
everything all at once. It's a nightmare, and they can't get it to
work. What they should be doing is performing a small series of
simple steps, where they can understand & test each step, before going
to the next one.
NOTHING else will be as fast as those simple steps.
> Yes, but it's (at least to me) not immediately clear that
> you have to put both "ldap" and "mschap" modules (in that
> order!) in the "authorize" section for that to work.
That's why they're in that order in the default config.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
