See below... --- Alan DeKok <[EMAIL PROTECTED]> wrote:
> Phil Thompson <[EMAIL PROTECTED]> wrote: > > no doubt, however it is interesting that many > people come to a point > > where they make such a setting, don't you find. > > At first, it appears to make sense to force > MS-CHAP when you want to > do MS-CHAP. Then, for some reason, everything else > fails > later.... and it's difficult to know why, because > the server *is* > doing what you told it to do. So you force it to do > EAP, but then > MS-CHAP breaks, and you're frustrated that it's so > hard to configure. > > > If you could clarify why that is and fix it you > wouldn't have to > > shout in mailing lists. > > The reason for shouting it in mailing lists is > that people *still* > say it's a good thing to do, despite lots of > documentation saying it's > a bad idea, and near-daily messages on this list > saying it's a bad > idea. > > And your solution is... more documentation? > Sorry, that won't help. > The people who need it the most won't read it. > > I'm starting to think that removing Auth-Type from > 2.0 is a good > idea. Is it feasible to disable access to setting it, unless it explicitly added or enabled in the FR configuration, much like the various auth modules themselves? Then, at least, a warning could appear in the "-X" output indicating "Manual AuthType access enabled" so to immediately identify someone has already tried breaking their server :) Laker > > > I have just verified it is not necessary by > commenting it out, thanks. > > See? > > > I think you're saying at > > > http://deployingradius.com/documents/configuration/auth_type.html > that a > > default auth-type is not necessary and should > not be set. Is that so ? > > In which case having > > > > DEFAULT Auth-Type = System > > > > in the users file in the FreeRADIUS tarball helps > to get us off on the > > wrong foot :-) > > Yes. That's been deleted in 2.0, and many of the > modules updated, > in order to make it even easier to get it to work. > > I think it's high time for 2.0. I've been waiting > for a few fixes > for entirely too long now... > > Alan DeKok. > -- > http://deployingradius.com - The web site of > the book > http://deployingradius.com/blog/ - The blog > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
