Phil Thompson <[EMAIL PROTECTED]> wrote: > no doubt, however it is interesting that many people come to a point > where they make such a setting, don't you find.
At first, it appears to make sense to force MS-CHAP when you want to do MS-CHAP. Then, for some reason, everything else fails later.... and it's difficult to know why, because the server *is* doing what you told it to do. So you force it to do EAP, but then MS-CHAP breaks, and you're frustrated that it's so hard to configure. > If you could clarify why that is and fix it you wouldn't have to > shout in mailing lists. The reason for shouting it in mailing lists is that people *still* say it's a good thing to do, despite lots of documentation saying it's a bad idea, and near-daily messages on this list saying it's a bad idea. And your solution is... more documentation? Sorry, that won't help. The people who need it the most won't read it. I'm starting to think that removing Auth-Type from 2.0 is a good idea. > I have just verified it is not necessary by commenting it out, thanks. See? > I think you're saying at > http://deployingradius.com/documents/configuration/auth_type.html that a > default auth-type is not necessary and should not be set. Is that so ? > In which case having > > DEFAULT Auth-Type = System > > in the users file in the FreeRADIUS tarball helps to get us off on the > wrong foot :-) Yes. That's been deleted in 2.0, and many of the modules updated, in order to make it even easier to get it to work. I think it's high time for 2.0. I've been waiting for a few fixes for entirely too long now... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
