On Sat, 9 Sep 2006, Keith Woodworth wrote: |->|-> |->|->> And while Radius seems to send an Access-Accept, the dialup user gets an |->|->> error 691 password invalid. |->|-> |->|-> Because you're not sending the same reply attributes as in the |->|->previous example. Fix that. |->|-> |->|->> Again I get Access-Accept, but a 691 password error on the client side. |->|-> |->|-> Again because the replies are empty. |-> |->Just testing a different way to do this I setup the users file with: |-> |->DEFAULT Service-Type = Framed-User |-> Framed-Protocol = PPP, |-> Framed-Routing = None, |-> Framed-IP-Netmask = 255.255.255.255, |-> Framed-Compression = Van-Jacobsen-TCP-IP, |-> Framed-MTU = 1500 |-> |->Now when I try to login: |->
Again had to put this aside for a few days (really starting to grind on me, its a wonder I actually get any work done) Anyway so started in again on this. One thing overall I think that has confused me is that I was trying to do everything from SQL, which now I dont think I need to do. Basicall: Have a user and their crypted password stored in SQL, have radius query the database for that info, if its ok, start a PPP session. Only way I could get that to work was have the username in both the radcheck AND usergroup tables. I didnt want it to work that way as it would be extra work to populate the database from our current radius setup, which uses Auth-Type System. I think I have figured it out, though not sure if its the correct way. Use a combination of users(5) and SQL. Have the user and password in radcheck, auth-type=local in radgroupcheck and use the users(5) file to do the rest and it seems to finally work. My users file: DEFAULT Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Routing = None, Framed-IP-Netmask = 255.255.255.255, Framed-Compression = Van-Jacobsen-TCP-IP, Framed-MTU = 1500 Using it like this works. But as soon as I use it this way: DEFAULT Service-Type = Framed-User Framed-Protocol = PPP, Framed-Routing = None, Framed-IP-Netmask = 255.255.255.255, Framed-Compression = Van-Jacobsen-TCP-IP, Framed-MTU = 1500 Why does the top way work and the bottom way not? And is this an acceptable way to do it? Store the users and passwords in SQL and have the Users file supply the rest? Thanks, Keith - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html