Greetings, happy holidays and all of that good stuff.. I'm finally getting around to migrating our radius solution over to FreeRadius, and I've noticed a few issues, hopefully they're easy. In my users file I have around 45 users that have specific properties. Some of them are Dedicated Dial-Up, some of them are Dual channel ISDN with static IP, some of them are Dedicated Dual channel ISDN with static IP.. I'm having some problems making my old users file entries jive with the freeradius lingo.
test Password == "removedtoprotecttheinnocent" Service-Type = Framed, Framed-Protocol = MPP, Ascend-Maximum-Time = 18000, Framed-IP-Address = 209.22.201.121, Framed-IP-Netmask = 255.255.255.248, Ascend-Idle-Limit = 900, Ascend-Maximum-Channels = 2, Framed-Routing = None, Fall-Through = "1" Doom Password == "thepassword" Service-Type = Framed, Framed-Protocol = MPP, Ascend-Maximum-Time = 18000, Framed-IP-Address = 209.54.37.66, Framed-IP-Netmask = 255.255.255.255, Ascend-Idle-Limit = 900, Ascend-Maximum-Channels = 2, Framed-Routing = None, Fall-Through = "1" Now, 99% of my users use PAP, and authenticate via the SYSTEM method, this works excellent. However it seems that anyone who has a password listed in the users file automatically 'requires' CHAP, is there a way to make it 'allow CHAP if it has a password in users, but not REQUIRE chap?' We were using an old version of Merit AAA and (it didn't even support chap) but when we had users listed in the users file, it would allow them to auth via PAP just like everyone else. Another problem I noticed is that there is a difference in between what FreeRadius should be sending back to the NAS and what it is sending back to the NAS. Example. For the 'Doom' account. The doom account is basically getting all of the attributes of the DEFAULT account... but it should be using its own account specific attributes. DEFAULT Auth-Type = System Fall-Through = "1", Service-Type = Framed-User, Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP, Ascend-Maximum-Time = 18000, Ascend-Idle-Limit = 900, Ascend-Maximum-Channels = 1 I have the default entry listed at the top of the file. Anyone Have any ideas? -Drew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html