I tried that way and it's still failing. The debug shows:
### Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.0.1:1645, id=91, length=97 Framed-Protocol = PPP User-Name = "[EMAIL PROTECTED]" User-Password = "password" NAS-Port-Type = Virtual NAS-Port = 267 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 modcall[authorize]: module "chap" returns noop for request 13 rlm_realm: Looking up realm "dsl.adslco.com" for User-Name = "[EMAIL PROTECTED]" rlm_realm: No such realm "dsl.adslco.com" modcall[authorize]: module "suffix" returns noop for request 13 users: Matched DEFAULT at 168 users: Matched DEFAULT at 180 modcall[authorize]: module "files" returns ok for request 13 modcall: group authorize returns ok for request 13 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [EMAIL PROTECTED]/password] (from client l2tp-tunnel port 267) Delaying request 13 for 1 seconds Finished request 13 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 91 to 10.0.0.1:1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 13 ID 91 with timestamp 4434a5b6 Nothing to do. Sleeping until we see a request. ### It looks like because I removed: ### DEFAULT Auth-Type = System Fall-Through = 1 ### It's failing because no Auth-Type is set. Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Phil Mayers Sent: 05 April 2006 09:46 To: FreeRadius users mailing list Subject: Re: FreeRadius out of the box.... Tony Spencer wrote: > On testing I found users still couldn't authenticate by PAP or CHAP, I > run "radiusd -X" and from what I could see its because of the Default > setting: > > DEFAULT Auth-Type = System > > Fall-Through = 1 > > That is no longer in the default config in CVS. If/when it'll make it into a release version, one of the developers would have to reply. > > What do I need to change to get Freeradius to accept both PAP and CHAP > authentication? > Remove that entry for a start. FR 1.0.1 isn't a version I have installed or the source knocking around for, but at least in current versions (fixed in CVS) the handling of PAP and Auth-Type is a little inconsistent - there's no authorize handler for PAP. You want something like: modules { pap { encryption_scheme = clear } chap { authtype = CHAP } # .. rest of modules } authorize { preprocess chap files } authenticate { Auth-Type CHAP { chap } Auth-Type PAP { pap } } ...and in "users": username User-Password := "string", Auth-Type = PAP ...since the Auth-Type is set using "=" if Auth-Type is ALREADY CHAP from the chap module, it won't be changed. If it isn't set, it'll be set to PAP and executed appropriately. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html