Hi Shawn, Thanks a million... This worked perfectly :) I've created the Auth-Type as a group-check however (it would just seem easier to maintain / admin in large scale environments), but so far, all is well. My tests on PAP and CHAP is now working.
-- me ----- Original Message ----- From: "Shawn O'Shea" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 10, 2003 4:11 PM Subject: Re: PAP & CHAP I've been using this in my authenticate block for awhile and it seems to work fine with UUNet for the dialup we resell from them: authtype UUNET { chap pap } and just match it with Auth-Type := UUNET for an entry in the users file. -Shawn On Fri, 10 Jan 2003, Chris Knipe wrote: > Hi, > > I tried this, and it still did not work :( Maybe I am missing something... > Bellow's the relevant snippets from my configuration... > > modules { > pap { > encryption_scheme = clear > } > > chap { > authtype = CHAP > } > } > > authorize { > preprocess > attr_filter > suffix > files > chap > sql > } > > # Authentication. > authenticate { > authtype PAP { > pap > } > > authtype CHAP { > chap > } > } > > -- > me > > > ----- Original Message ----- > From: "3APA3A" <[EMAIL PROTECTED]> > To: "Chris Knipe" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Thursday, January 09, 2003 10:55 AM > Subject: Re: PAP & CHAP > > > > Dear Chris Knipe, > > > > Set Auth-Type to PAP, add chap module to authorize section and make sure > > you have > > > > chap { > > authtype = CHAP > > } > > > > in module configuration. In this case default authentication will be > > PAP, but if CHAP-Password attribute will be found in request Auth-Type > > will be changed to CHAP during authorization. This behavior is explained > > in doc/rlm_mschap for MS-CHAP authentication which is very similar to > > CHAP. > > > > --Thursday, January 9, 2003, 6:47:32 AM, you wrote to > [EMAIL PROTECTED]: > > > > CK> Lo everyone, > > > > CK> I think I have a little bit of a problem (or maybe not)... > > > > CK> I want to use PAP and CHAP authentication... Basically, a user should > be > > CK> able to authenticate using PAP or CHAP... I've created a group > attribute > > CK> request (Auth-Type := PAP as well as Auth-Type := CHAP). However, > > CK> Freeradius only takes the first one it gets from the database (PAP), > and > > CK> disregards the CHAP. > > > > CK> I know this is stupid, but I am presuming that Auth-Type is sent from > the > > CK> NAS to the Radius server in any case? How can do I get freeradius to > accept > > CK> both password types? My PAP is stored cleartext to make it compatible > with > > CK> CHAP, and when I manually remove PAP for CHAP I can authenticate using > both > > CK> types... Right now though, I don't really see a way how I can use both > at > > CK> the same time on the same accounts? > > > > CK> -- > > CK> me > > > > > > CK> - > > CK> List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > -- > > ~/ZARAZA > > Стреляя во второй раз, он искалечил постороннего. Посторонним был я. > (Твен) > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Shawn K. O'Shea Sr. Unix Administrator DSL.net, Inc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html