Hi Joel,
Yep, the default users file sets Auth-Type := System by default. The order, and
behaviour of the modules in your 'authorize' section of radiusd.conf which
Auth-Type is eventually used. I believe that each module will set the Auth-Type
appropriate, *IF* the Auth-Type hasn't already been set...
I've never really worked out the best way to change this behaviour that still
adheres to "the intended design", and still get the results I want.
If you don't need to process the users file for authorization, you should be
able to remove it from the 'authorize', section.
Otherwise, if you do need to process the users file, probably the easiest is to
change the default behaviour in the users file, ie change:
#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = System
Fall-Through = 1
to:
DEFAULT Auth-Type = PAP
Fall-Through = 1
That should still let CHAP work when specified, but will default to PAP if no
other method of authentication has already been specified.
This is untested of course, so please report back to me if it worked or not...
Alan or others may want to comment on this...
regards,
Mike
---- Joel Eddy <[EMAIL PROTECTED]> wrote:
> I'm running the server that way at all times. I was reading in the Radius
> book to run it that way so you can see the log file go by.
>
> When I look at it says
>
> rad_check_password: Found Auth-Type System
> auth: type "System"
> modcall[authenticate]: module "unix" returns notfound for request 969
> modcall; group authenticate returns notfound for request 969
> auth: Failed to validate user
>
> I know I didn't set auth type to system. Or at least rather sure.
> I made sure not to set that as I've seen Alan go ape if that gets set.
> So I didn't want the rath of kan for setting it. ;-)
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
