On Sat, 3 Jan 2009, Alan DeKok wrote:

> Mike Diggins wrote:
>> After getting NTLM_AUTH working using PAP, I decided to try the MS-CHAP2
>> as well and that appears to work, but I had to remove the line "DEFAULT
>> Auth-Type := ntlm_auth" from my users file.
>
>  Use "=", not ":=". I updated the "howto" on my web site a few weeks
> ago to reflect this.
>
>> When I do that MS-CHAP2
>> works, but PAP doesn't. I will have various radius clients, some of
>> which support MS-CHAP2, but some do not. How can I use both together? My
>> users will be connecting to both services, so defining a specific
>> AUTH-TYPE for each user won't work.
>
>  The above change should work.

Thanks, that worked. I was following your web page too, not sure how I missed that. If my user file looks like this:

        diggins         Auth-Type = ntlm_auth
                        Reply-Message =  "Group=NetWorkers",

        DEFAULT         Auth-Type = ntlm_auth

How do I stop it from sending the same Reply-Message when the user enters an incorrect password? Right now the Reject responds like this:

Sending Access-Reject of id 22 to 192.168.2.2 port 1025
        Reply-Message = "Group=NetWorkers"


Also, my client (a Cisco ASA5500 VPN Server) has an authorization check box. When I check it, it sends a RADIUS request with the username and password both filled in with the username. FreeRADIUS seems to treat it as another authentication request. What is its purpose?

-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
