Reputation: 2530
How to make freeradius authenticate with CHAP instead with PAP
I i have installed freeradius 3 on server, and i have try to test chap by
radtest -t chap ahmed test localhost 1812 testing123
and i received "Access-Accept".
But when i tried to connect through captive portal with the same credential, it authenticate via PAP cause the password that saved in radpostauth table is saved as clear text, this mean that radius is authenticated via PAP.
i also read that in file sites-enabled/default in the Authentication section
This section lists which modules are available for authentication. Note that it does NOT mean 'try each module in order'. It means that a module from the 'authorize' section adds a configuration attribute 'Auth-Type := FOO'. That authentication type is then used to pick the appropriate module from the list below.
and when i try to add
Auth-Type := CHAP
inside authenticate to be like this
authenticate
{
Auth-Type := CHAP
}
it gives me an error
/etc/raddb/sites-enabled/default[452]: Entry is not a reference to a module
/etc/raddb/sites-enabled/default[444]: Errors parsing authenticate section.
So where i should tell radius to authenticate with CHAP only ??
Upvotes: 0
Views: 14874
Answers (1)
Reputation: 6065
Because you've invented syntax instead of following the examples already in the file.
You just need to list:
authorize {
chap
...
}
authenticate {
chap
}
And it'll work fine.
If you want to pull records from an sql table
authorize {
update control {
Cleartext-Password := "%{sql:SELECT <query to get password>}"
}
chap
}
Upvotes: 0
Related Questions
- Freeradius + Active Directory + Google Authenticator
- FreeRADIUS Version 3.0.13 - Failed to find 'Auth-Type EAP' section
- Freeradius users operators
- FreeRADIUS Python Module “Unknown or invalid value ”Python“ for attribute Auth-Type”
- Authentication error in freeradius server
- How to configure Freeradius to use PEAP as an outer method and EAP-TLS as the inner Method?
- authenticate user stored in freeradius by other system