> > > Wed Mar 20 15:35:57 2002 : Auth: Login incorrect: > > [{ed: whatever username -sko}/<CHAP-Password>] (from nas > > UNKNOWN-NAS port 0 cli 8475061520) > > > > If I use just User-Password, this works like a dream. Any suggetions? > > Don't use CHAP.
Ok, well the UUNET docs states that I can use PAP or CHAP. Here's what their doc says about it though: Althought the REseller may not be using CHAP, they must configure their RADIUS server to respond to a CHAP request by requesting PAP authentication after declining CHAP. This is done during the LCP phase of creating a PPP session. Is this doable in freeradius? > From what I recall, the LDAP module tries to authenticate to the > LDAP server, usin g the username/password supplied in the packet. > Therefore, it needs access to the plain-text password, as it's telling > you. Running freeradius in debug mode, this is indeed what the LDAP module is doing. After reading through the section of the FAQ you pointed out, and the "Interoperation wiş PAP and CHAP" section of RFC2138 I'm starting to understand what the deal is. Thanks, -Shawn > > The alternative is to use a DB which stores the password in clear text. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Shawn K. O'Shea Sr. Unix Administrator DSL.net, Inc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html