Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: compsos on January 09, 2008, 01:19:49 PM

Title: Adding Auth-Types to radiusd.conf
Post by: compsos on January 09, 2008, 01:19:49 PM

Hi

We have been trying to configure the Freeradius server to work with Telstra's IPWAN network from 3G data modems and have most of it working but still sending a reject packet back.

I think the solution is to add CHAP to the radiusd.conf file. Would like to confirm the correct way to add this mod without breaking the existing and working VPN configuration.

Should it be done as new propkeys in the DB or template fragments?

TIA

Gordon

"rlm_passwd: Adding "Auth-Type = MS-CHAP"
  modcall[authorize]: module "smbpasswd" returns ok for request 2
    users: Matched iama3g at 15
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 2
  rlm_mschap: Found LM-Password
  rlm_mschap: Found NT-Password
  rlm_mschap: No MS-CHAP-Challenge in the request
  modcall[authenticate]: module "mschap" returns reject for request 2"

Title: Re: Adding Auth-Types to radiusd.conf
Post by: cactus on January 09, 2008, 04:14:57 PM

Normally configuration files are templated, since I do not know which configuration file you are mentioning I can not say if yours is as well. More information on the template system and how to make changes to configuration files can be found in the SME Server Developers Guide linked in the wiki.

Title: Re: Adding Auth-Types to radiusd.conf
Post by: stephen noble on January 09, 2008, 05:23:42 PM

Quote from: compsos on January 09, 2008, 01:19:49 PM

I think the solution is to add CHAP to the radiusd.conf file. Would like to confirm the correct way to add this mod without breaking the existing and working VPN configuration.

Should it be done as new propkeys in the DB or template fragments?

Hi Gordon
If you can post a working radiusd.conf I can sort out how best to work it into SME

or
slot in a fragment in the following location, plain text for now and we'll see if you need variables later

[root@kiwi e-smith]# slocate radiusd.conf
/etc/raddb/radiusd.conf
/etc/e-smith/templates/etc/raddb/radiusd.conf
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules40reject
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules30smbpasswd
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules45acctUnique
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules05preprocess
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules25mschap
/etc/e-smith/templates/etc/raddb/radiusd.conf/30modules99end
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules50detail
/etc/e-smith/templates/etc/raddb/radiusd.conf/80accounting99end
/etc/e-smith/templates/etc/raddb/radiusd.conf/80accounting40default
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules35files
/etc/e-smith/templates/etc/raddb/radiusd.conf/65authorization40default
/etc/e-smith/templates/etc/raddb/radiusd.conf/80accounting00init
/etc/e-smith/templates/etc/raddb/radiusd.conf/70authenticate
/etc/e-smith/templates/etc/raddb/radiusd.conf/15configuration
/etc/e-smith/templates/etc/raddb/radiusd.conf/65authorization00init
/etc/e-smith/templates/etc/raddb/radiusd.conf/05init
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules10suffix
/etc/e-smith/templates/etc/raddb/radiusd.conf/75preacct
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules20eap
/etc/e-smith/templates/etc/raddb/radiusd.conf/65authorization99end
/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules15ntdomain
/etc/e-smith/templates/etc/raddb/radiusd.conf/20modules00init
/etc/e-smith/templates/etc/raddb/radiusd.conf/10security
/etc/e-smith/events/console-save/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/user-modify-admin/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/user-delete/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/password-modify/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/bootstrap-console-save/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/remoteaccess-update/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/user-create/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/user-modify/templates2expand/etc/raddb/radiusd.conf
/etc/e-smith/events/user-lock/templates2expand/etc/raddb/radiusd.conf

Regards
Stephen