The secret in your clients.conf file is used to encrypt and sign packets
between the clients and the server. It is not used for authentication.
Based on what you mention here and what someone else on the list mentioned
earlier, I think the reason the secret is ignored is because it is used to
encrypt the auth info which is basically non existant in an Auth All
situation.
Am I getting this correct now?
Yep
Well, I don't understand the huntgroups and all just yet, I am new to
FreeRadius (not to Radius in general, just FreeRadius). So, will this fix my
issue where only CHAP request are rejected? I am only having trouble with
CHAP request at this time, all other request from allowed clients in the
clients.conf file are getting an Accept back just as I want.
The huntgroups file is pretty easy to understand. Just read the comments
in it.
But, now that you mention it. Your Auth-Type := Accept is still working
with chap. Perhaps what I told you won't make a difference. Do you have
anything in your authorize and authenticate section? Perhaps you ought to
just try this.
Comment out everything in authorize except for preprocess and files, so it
would look like this w/out the comments.
authorize {
preprocess
files
}
authenticate {
}
That way the only thing that is touched is the users file. I'd be willing
to bet that you have chap listed in authorize right now and its before
the files section.
So, its hitting the chap section of authorize and doesn't see a chap
passwd and fails which causes a reject before it even gets to the files
section.
Just a guess?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
