Mike,
That did it. I changed the users file in /etc/raddb/
# First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # DEFAULT Auth-Type = System Fall-Through = 1 to:
DEFAULT Auth-Type = PAP Fall-Through = 1
Then change in the radiusd.conf in /etc/raddb/
In the Modules section for the PAP module change:
pap { encryption_scheme = crypt }
to:
pap { encryption_scheme = clear }
This will allow the webtv receivers to authenticate with freeradius using PAP.
And it will still use CHAP for the PC users.
BIG THANKS to you Mike. And a BIG THANKS to you Alan for your input also.
Joel
----- Original Message ----- From: "Joel Eddy" <[EMAIL PROTECTED]>
To: "Joel Eddy" <[EMAIL PROTECTED]>
Sent: Thursday, February 17, 2005 10:28 PM
Subject: Fw: CHAP / PAP ?
try this on freeradius to auth PAP
----- Original Message ----- From: "Michael Mitchell" <[EMAIL PROTECTED]>
To: <freeradius-users@lists.freeradius.org>
Sent: Thursday, February 17, 2005 7:06 PM
Subject: Re: CHAP / PAP ?
Hi Joel,
Yep, the default users file sets Auth-Type := System by default. The order, and behaviour of the modules in your 'authorize' section of radiusd.conf which Auth-Type is eventually used. I believe that each module will set the Auth-Type appropriate, *IF* the Auth-Type hasn't already been set...
I've never really worked out the best way to change this behaviour that still adheres to "the intended design", and still get the results I want.
If you don't need to process the users file for authorization, you should be able to remove it from the 'authorize', section.
Otherwise, if you do need to process the users file, probably the easiest is to change the default behaviour in the users file, ie change:
# # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # DEFAULT Auth-Type = System Fall-Through = 1
to:
DEFAULT Auth-Type = PAP Fall-Through = 1
That should still let CHAP work when specified, but will default to PAP if no other method of authentication has already been specified.
This is untested of course, so please report back to me if it worked or not...
Alan or others may want to comment on this...
regards, Mike
---- Joel Eddy <[EMAIL PROTECTED]> wrote:I'm running the server that way at all times. I was reading in the Radius
book to run it that way so you can see the log file go by.
When I look at it says
rad_check_password: Found Auth-Type System auth: type "System" modcall[authenticate]: module "unix" returns notfound for request 969 modcall; group authenticate returns notfound for request 969 auth: Failed to validate user
I know I didn't set auth type to system. Or at least rather sure. I made sure not to set that as I've seen Alan go ape if that gets set. So I didn't want the rath of kan for setting it. ;-)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html