Hi,
> client localhost {
> secret = 181180
> shortname = localhost
> nastype = other
> }
>
> client 192.168.0.1 {
> secret = 181180
> shortname = testcisco
> nastype = cisco
> }
>
those look fine. have you actually tried a 'radtest' on the local server
to check all is well? eg put the following into your 'users' file
testuser01 Auth-Type:=Local, User-Password=="ehwtehi"
restart radiusd process then do
radtest testuser01 ehwtehi localhost 1812 181180
this is pure and simple PAP authentication at its best.
> ## radiusd.conf -- FreeRADIUS server configuration file.
which version of freeradius? this config is a bit crusty for a 1.x
install
change the following parts
#bind_address = *
#port = 0
listen {
# IP address on which to listen.
# Allowed values are:
# dotted quad (1.2.3.4)
# hostname (radius.example.com)
# wildcard (*)
ipaddr = *
# Port on which to listen.
# Allowed values are:
# integer port number (1812)
# 0 means "use /etc/services for the proper port"
port = 1645
# Type of packets to listen for.
# Allowed values are:
# auth listen for authentication packets
# acct listen for accounting packets
#
type = auth
}
this uses the 1.x listen directive. i've also changed the port to 1645 - as you
say your
cisco is expecting this port!
> proxy_requests = yes
> $INCLUDE ${confdir}/proxy.conf
are you proxying? you didnt say so. you should set this to no(!)
> # Supports multiple encryption schemes
> # clear: Clear text
> # crypt: Unix crypt
> # md5: MD5 ecnryption
> # sha1: SHA1 encryption.
> # DEFAULT: crypt
> pap {
> encryption_scheme = crypt
> }
to do the radtest I mentioned above, this value needs to be 'clear'
you a crypted version of that password if you wish to use 'crypt'
as for all the rest. if you arent using it. comment it out.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
