Tony Spencer wrote:
On testing I found users still couldn't authenticate by PAP or CHAP, I
run "radiusd -X" and from what I could see its because of the Default
setting:
DEFAULT Auth-Type = System
Fall-Through = 1
That is no longer in the default config in CVS. If/when it'll make it
into a release version, one of the developers would have to reply.
What do I need to change to get Freeradius to accept both PAP and CHAP
authentication?
Remove that entry for a start.
FR 1.0.1 isn't a version I have installed or the source knocking around
for, but at least in current versions (fixed in CVS) the handling of PAP
and Auth-Type is a little inconsistent - there's no authorize handler
for PAP.
You want something like:
modules {
pap {
encryption_scheme = clear
}
chap {
authtype = CHAP
}
# .. rest of modules
}
authorize {
preprocess
chap
files
}
authenticate {
Auth-Type CHAP {
chap
}
Auth-Type PAP {
pap
}
}
...and in "users":
username User-Password := "string", Auth-Type = PAP
...since the Auth-Type is set using "=" if Auth-Type is ALREADY CHAP
from the chap module, it won't be changed. If it isn't set, it'll be set
to PAP and executed appropriately.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
