From owner-freebsd-isp Fri Feb 13 11:40:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA19925 for freebsd-isp-outgoing; Fri, 13 Feb 1998 11:40:43 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from freefall.pipeline.ch (freefall.pipeline.ch [195.134.128.40]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19913 for ; Fri, 13 Feb 1998 11:40:40 -0800 (PST) (envelope-from andre@pipeline.ch) Received: from pipeline.ch ([195.134.128.41]) by freefall.pipeline.ch (Netscape Mail Server v2.02) with ESMTP id AAA273; Fri, 13 Feb 1998 20:38:49 +0100 Message-ID: <34E4A171.4EC6840C@pipeline.ch> Date: Fri, 13 Feb 1998 20:39:29 +0100 From: "IBS / Andre Oppermann" Organization: Internet Business Solutions Ltd. (AG) X-Mailer: Mozilla 4.03 [en] (WinNT; U) MIME-Version: 1.0 To: "Steven Fletcher (Shellnet IRC administrator)" CC: freebsd-isp@FreeBSD.ORG Subject: Re: RADIUS for BSDi running under FreeBSD References: <98021315324314200@mailhost.shellnet.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Steven Fletcher (Shellnet IRC administrator) wrote: > > Dear gurus..... > > I am trying swap all of my dial up users over to a RADIUS authentication > system so that we no longer need to have 150 users on our Windows NT box I did the same some weeks ago with some boxes, much better now. > (Service Pack 3 + RRAS with a Hotfix). I installed and ran Livingston RADIUS > 2.0.1 for BSDi onto my FreeBSD v2-2-5 box and then proceeded to make the > following entry into my /etc/raddb/users file: > > dud Password = "dud", > Service-Type = Framed-User, > Framed-Protocol = PPP looks good... > Then I proceeded to configure my NT box to use the RADIUS authentcation > system (it's running RAS and allowing it to accept clear text passwords. By > dialing up with a Windows 95 computer (set to not "Require Encrypted > Passwords") we saw the NT box talking to the BSD box as follows: > > Fri Feb 13 13:45:14 1998: [1270] radrecv: Request from host code=1, > id=2, length=82 > Fri Feb 13 13:45:14 1998: [1270] User-Name = "dud" > Fri Feb 13 13:45:14 1998: [1270] CHAP-Challenge = > "Yb\201\365\301~\024\221\220Z\341\320\2058\275\001" > Fri Feb 13 13:45:14 1998: [1270] CHAP-Password = "" > Fri Feb 13 13:45:14 1998: [1270] NAS-Port = 0 > Fri Feb 13 13:45:14 1998: [1270] Framed-Protocol = PPP > Fri Feb 13 13:45:14 1998: [1270] NAS-Identifier = "" > Fri Feb 13 13:45:14 1998: [1303] Sending Reject of id 2 to > () > > And then the NT box then drops the connection. You have to tweak the Registry. Delete the SPAP and CHAP keys in /HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/SERVICES/RASMAN/PPP/ (and yes, do it again every time you have changed somthing on your box) The RADIUS server can't handle the SPAP/CHAP encryption (MS-specific). > Has anyone _ever_ got UN*X RADIUS to work with an NT client - if anyone can > help I'd be most grateful - or would it be possible for somone to forward > some configuration files ? -- Andre Oppermann CEO / Geschaeftsfuehrer Internet Business Solutions Ltd. (AG) Hardstrasse 235, 8005 Zurich, Switzerland Fon +41 1 277 75 75 / Fax +41 1 277 75 77 http://www.pipeline.ch ibs@pipeline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message