Date: Fri, 13 Feb 1998 20:39:29 +0100 From: "IBS / Andre Oppermann" <andre@pipeline.ch> To: "Steven Fletcher (Shellnet IRC administrator)" <ircadmin@shellnet.co.uk> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: RADIUS for BSDi running under FreeBSD Message-ID: <34E4A171.4EC6840C@pipeline.ch> References: <98021315324314200@mailhost.shellnet.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Steven Fletcher (Shellnet IRC administrator) wrote: > > Dear gurus..... > > I am trying swap all of my dial up users over to a RADIUS authentication > system so that we no longer need to have 150 users on our Windows NT box I did the same some weeks ago with some boxes, much better now. > (Service Pack 3 + RRAS with a Hotfix). I installed and ran Livingston RADIUS > 2.0.1 for BSDi onto my FreeBSD v2-2-5 box and then proceeded to make the > following entry into my /etc/raddb/users file: > > dud Password = "dud", > Service-Type = Framed-User, > Framed-Protocol = PPP looks good... > Then I proceeded to configure my NT box to use the RADIUS authentcation > system (it's running RAS and allowing it to accept clear text passwords. By > dialing up with a Windows 95 computer (set to not "Require Encrypted > Passwords") we saw the NT box talking to the BSD box as follows: > > Fri Feb 13 13:45:14 1998: [1270] radrecv: Request from host <NT IP> code=1, > id=2, length=82 > Fri Feb 13 13:45:14 1998: [1270] User-Name = "dud" > Fri Feb 13 13:45:14 1998: [1270] CHAP-Challenge = > "Yb\201\365\301~\024\221\220Z\341\320\2058\275\001" > Fri Feb 13 13:45:14 1998: [1270] CHAP-Password = "" > Fri Feb 13 13:45:14 1998: [1270] NAS-Port = 0 > Fri Feb 13 13:45:14 1998: [1270] Framed-Protocol = PPP > Fri Feb 13 13:45:14 1998: [1270] NAS-Identifier = "<NT's NetBIOS name>" > Fri Feb 13 13:45:14 1998: [1303] Sending Reject of id 2 to <NT domain name> > (<NT IP>) > > And then the NT box then drops the connection. You have to tweak the Registry. Delete the SPAP and CHAP keys in /HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/SERVICES/RASMAN/PPP/ (and yes, do it again every time you have changed somthing on your box) The RADIUS server can't handle the SPAP/CHAP encryption (MS-specific). > Has anyone _ever_ got UN*X RADIUS to work with an NT client - if anyone can > help I'd be most grateful - or would it be possible for somone to forward > some configuration files ? -- Andre Oppermann CEO / Geschaeftsfuehrer Internet Business Solutions Ltd. (AG) Hardstrasse 235, 8005 Zurich, Switzerland Fon +41 1 277 75 75 / Fax +41 1 277 75 77 http://www.pipeline.ch ibs@pipeline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34E4A171.4EC6840C>