From owner-freebsd-questions  Thu Oct 19 20:17:18 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from w2xo.pgh.pa.us (ipl-229-070.npt-sdsl.stargate.net [208.223.229.70])
	by hub.freebsd.org (Postfix) with ESMTP id 4733337B4D7
	for <questions@freebsd.org>; Thu, 19 Oct 2000 20:17:16 -0700 (PDT)
Received: from w2xo.pgh.pa.us (shazam.w2xo.pgh.pa.us [192.168.5.3])
	by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id DAA84773;
	Fri, 20 Oct 2000 03:15:50 GMT
	(envelope-from durham@w2xo.pgh.pa.us)
Message-ID: <39EFF1FB.33A2318A@w2xo.pgh.pa.us>
Date: Fri, 20 Oct 2000 03:19:23 -0400
From: Jim Durham <durham@w2xo.pgh.pa.us>
Organization: dis-
X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Tancsa <mike@sentex.net>
Cc: questions@freebsd.org
Subject: Re: Radiusd with Portmaster2 on FreeBSD4.1
References: <SEN.971924764.962929327@news.sentex.net> <nc5vus474304u546up6k3qctgcgrte6i86@4ax.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mike Tancsa wrote:
> 
> On 18 Oct 2000 23:06:04 -0400, in sentex.lists.freebsd.questions you wrote:
> 
> >I'm using the cistron radiusd on FreeBSD 4.1 with an old Portmaster
> >2E to authenticate a user base of around 100 users.
> 
> It does work, as we have several such boxes still in a few pops.  What does
> /var/log/radius show for the error ? ie. why is RADIUS rejected them ?
> Also, is your radius server running on a machine that has multiple
> interfaces ? If so, specify the address to bind to explicitly.
> 

Since I posted, I played around with it today and discovered that
turning on PAP authentication on the Portmaster made it work.

The docs indicate that you have to have CHAP off for the authentication
to work, but I don't believe it said that PAP must be on, although
it did indicate that PAP would work. I just tried it in desperation,
and it started working. 

There were no error messages with PAP and CHAP off and running
radiusd in "-x -x" mode for max debugging. The only clue was that
it kept reporting a CHAP password was being sent from the Portmaster,
even though CHAP was off.

I've been watching the log file all night, and I haven't seen a failed
authentication yet, so I guess I'm all OK, but puzzled.

Thanks for the interest.

Jim Durham


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message