Jonathan van der Wat wrote: > Alan, > > I've been searching the lists for most of the day but haven't been able > to come right. What I've noticed recently is that if I add the user on > the test box with no password, and then try to sign on via ssh I see the > following in the radiusd debug output: > > User-Password = "/*mypassword*/"
That's how PAM works. You need to have users in /etc/passwd for UID, GID, etc. PAM does password checking *only*. > However, the user is still not authenticated via the FreeRADIUS server. Well... go read the debug output to see why. > If I explicitly go and add that user to the */etc/raddb/users* file, > then authentication works via PAP. How do I tell FreeRADIUS to use > MS-CHAP for all users? You don't. The authentication method (PAP, CHAP, MS-CHAP) is chosen by the client. In this case, the pam_radius_auth module. And the "active directory" pages on my web set tells you how to authenticate to AD using PAP. This is documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
