This is the error we are getting when a PAP user tries to log in. They are in the passwd/shadow files.
Thread 1 handling request 0, (1 handled so far) User-Name = "username" User-Password = "*****" NAS-IP-Address = 65.169.xxx.x(Omitted) NAS-Port = 31 Service-Type = Framed-User Framed-Protocol = PPP USR-Connect-Speed = 16800-BPS USR-Modulation-Type = v32Terbo USR-Simplified-MNP-Levels = mnpLevel4 USR-Simplified-V42bis-Usage = none USR-Chassis-Call-Slot = 0 USR-Chassis-Call-Span = 1 USR-Chassis-Call-Channel = 2 NAS-Identifier = "ras1" Acct-Session-Id = "07020118" NAS-Port-Type = Async modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "eap" returns noop for request 0 rlm_realm: No '@' in User-Name = "bertram", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: '' modcall[authorize]: module "sql" returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Finished request 0 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 65.169.xxx.x:1645, id=110, length=191 Sending Access-Reject of id 110 to 65.169.xxx.x:1645 ----- Original Message ----- From: "Milver S. Nisay" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 20, 2004 12:34 PM Subject: Re: PAP/CHAP > > I was told that FreeRadius can answer PAP/CHAP at the same > > time that it didn't care. > > Yes, freeradius does not care what authentication request are coming in, > whether PAP/CHAP or system authenticated > accounts. If freeradius was configured properly, it will reply as it was > tasked to do. > > > The problem I'm having is if a user loges in with no realm (PAP) and > > there user name is in the system files, it doesn't work. If I use a > > different user and log in to our wholesale(CHAP) side the user name in the > mysql > > database does fine. > > no realm or with realm, freeradius does not care, it will do what we design > its radiusd.conf to be. > there's a work around, PAP accounts can be configured to be authenticated > based from account names, password and > expiration attributes and others inside MySQL database too, without ofcourse > using /etc/passwd and /etc/shadow files. > > > How do I tell FreeRadius to look in the system file first and then the > > Local (mySQL) second if not found in the System files? > > it does and that is why you don't need to.. > > > I did not really want to run two radius on the same machine on different > > ports if at all possible. > > if you like it that way, it can be worked out without considering pros and > cons. > > > > Other than this little snag, I have all my tools to work everything from > the > > command prompt. Add, Disable, Enable, Remove, etc.. > > hope this helps. > > //milver > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html