Sorry,

I didn't see your answer. I just got it via the archives.
I'll explain a little bit more. We are using freeradius for VPN access, which can be done using PPTP or IPSEC.
PPTP is done using mschap.
IPSEC is done using a shared group secret, then a classic ldap user bind to check the identity.

The ippool we use shall be common, so we can't split between two radius configs.

Our radiusd.conf was working for that without any problem for years, until we got a new release.
freeradius      1.0.2-4sarge3   stable was OK

Just moving, the behaviour changed
I believe that there's a little difference somewhere that prevents a working config:

NOK  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
then  rad_check_password:  Found Auth-Type ldap

OK rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
Then rad_check_password:  Found Auth-Type MS-CHAP

I believe that mschap or MS-CHAP makes the difference.

Dominique

Alan DeKok wrote:
LALOT Dominique wrote:

Before, I was able to do LDAP or MSCHAP automatically.
I had an entry in users
lalot Auth-Type := ldap

  That will prevent MS-CHAP from working. See:

http://deployingradius.com/documents/protocols/oracles.html

  The short answer is DON'T SET Auth-Type.

  And don't do LDAP "bind as user" if you can help it.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Dominique LALOT
Systems and Network Engineer
http://annuaire.univmed.fr/showuser.php?uid=lalot
