Re: CHAP / PAP ?

[Joel Eddy]

Mike,
That did it. I changed the users file in /etc/raddb/
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = System
       Fall-Through = 1
to:
DEFAULT Auth-Type = PAP
       Fall-Through = 1
Then change in the radiusd.conf in /etc/raddb/
In the Modules section for the  PAP module
change:
pap {
                       encryption_scheme = crypt
}
to:
pap {
                       encryption_scheme = clear
}
This will allow the webtv receivers to authenticate with freeradius using 
PAP.
And it will still use CHAP for the PC users.

BIG THANKS to you Mike. And a BIG THANKS to you Alan
for your input also.

Joel
----- Original Message ----- 
From: "Joel Eddy" <[EMAIL PROTECTED]>
To: "Joel Eddy" <[EMAIL PROTECTED]>
Sent: Thursday, February 17, 2005 10:28 PM
Subject: Fw: CHAP / PAP ?


try this on freeradius to auth PAP
----- Original Message ----- 
From: "Michael Mitchell" <[EMAIL PROTECTED]>
To: <freeradius-users@lists.freeradius.org>
Sent: Thursday, February 17, 2005 7:06 PM
Subject: Re: CHAP / PAP ?


Hi Joel,
Yep, the default users file sets Auth-Type := System by default. The 
order, and behaviour of the modules in your 'authorize' section of 
radiusd.conf which Auth-Type is eventually used. I believe that each 
module will set the Auth-Type appropriate, *IF* the Auth-Type hasn't 
already been set...

I've never really worked out the best way to change this behaviour that 
still adheres to "the intended design", and still get the results I want.

If you don't need to process the users file for authorization, you should 
be able to remove it from the 'authorize', section.

Otherwise, if you do need to process the users file, probably the easiest 
is to change the default behaviour in the users file, ie change:

#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = System
       Fall-Through = 1
to:
DEFAULT Auth-Type = PAP
       Fall-Through = 1
That should still let CHAP work when specified, but will default to PAP 
if no other method of authentication has already been specified.

This is untested of course, so please report back to me if it worked or 
not...

Alan or others may want to comment on this...
regards,
Mike

----  Joel Eddy <[EMAIL PROTECTED]> wrote:
I'm running the server that way at all times. I was reading in the 
Radius
book to run it that way so you can see the log file go by.

When I look at it says
rad_check_password: Found Auth-Type System
auth: type "System"
modcall[authenticate]: module "unix" returns notfound for request 969
modcall; group authenticate returns notfound for request 969
auth: Failed to validate user
I know I didn't set auth type to system. Or at least rather sure.
I made sure not to set that as I've seen Alan go ape if that gets set.
So I didn't want the rath of kan for setting it. ;-)

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html