[chap-secrets]
Chap-secret is the module of authentication which works with user authentication data and other data (username, password, ip address, speed etc.) stored as local file. Currently accel-ppp may works only with one of the authentication method, chap-secrets or RADIUS. RADIUS has more priority if set in [modules] section. Remove or #comment radius from section [modules] if you want use chap-secrets. Example:
[modules]
chap-secrets
#radius
Configuration
- chap-secrets=/path/to/file
By default is
chap-secrets=/etc/ppp/chap-secretsSpecifies alternate chap-secrets file location.
- username-hash=hash1[,hash2]
By default is not defined.
Specifies hash chain to calculate username hash. hash1, hash2 are openssl known digest names (md5, sha1, etc). For example,
username-hash=md5,sha1means hash username through md5 and then binary result hash through sha1. Username have to be specified as hexadecimal dump of digest result.Password field have to be encrypted using smbencrypt (NT Hash part).- encrypted=0|1
By default is disabled:
encrypted=0Specifies either chap-secrets is encrypted.
Note:
Encryption is incompatible with auth_chap_md5 module.
To enable chap-secrets encryption ablity accel-ppp must be compiled with -DCRYPTO=OPENSSL (which is default).
- gw-ip-address=x.x.x.x[/mask]
By default is not defined.
Specifies address to use as local address of ppp interfaces if chap-secrets is used for IP address assignment. Mask is used for IPoE.
Chap-secrets file example
#client server secret ip-address speed
user001 * password1 100.64.100.1 20480/10240
user002 * passowrd2 * 10240/10240
user003 * passowrd3 ip_pool1 10240
eth0.101 * eth0.101 ipoe_pool 20480
100.64.0.2 * 100.64.0.2 *
The first column contain username.
The second column is only keep for support chap secrets files standard.
The third column contain secret or password.
The fourth column may contain allocated ip address or pool name which configured in
[ip-pool]section.The fifth column contain rate-limit.