John Horne <[EMAIL PROTECTED]> wrote:
...
> This all works fine; the user is authenticated and radiusd sees that
> MS-CHAPv2 is being used (and is to be used).

Hmm... so MS-CHAPv2 works, as I suspected. Recent discussion on the list says it's broken on some systems, but I don't know why.

> However, if I simply change the users file entry to:
>
> fred Auth-Type := Local, User-Password != "anything"
>
> Specifying that the pwd should not be 'anything' then it doesn't work.
> That is, I cannot authenticate. The radiusd output shows:

I don't see why you would expect that user to authenticate.

> My thought was to make a default entry such as:
>
> DEFAULT Auth-Type := Local, User-Password != "something"
>
> I have tried, from the FAQ, using just 'Auth-Type = Accept' but although
> radiusd seems to accept the user and password, the connection then
> fails.

Hmm... that's probably an issue with the MS-CHAP module. OK, go to src/modules/rlm_mschap/rlm_mschap.c, look for:

    vp = pairmake("Auth-Type", authtype_name, T_OP_SET);

change the T_OP_SET to T_OP_EQ, and re-compile & install the module. It should work then.

> Anyone got any suggestions about this. Relevant parts of the
> radiusd.conf are below, but simply change the users file entry operator
> from '==' to '!=' surely shouldn't cause a problem? All the encryption
> stuff should work because instead of comparing the users file password
> with the one the user enters when connecting should simply check for
> equality or not. When '==' is used they should be equal, when '!=' is
> used they should not be equal.

Due to the way passwords are checked, it doesn't quite work that way.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html