Auth-Test accounts in "users" file

Alan DeKok aland at deployingradius.com
Wed Mar 26 07:15:50 CET 2008


James McOrmond wrote:
> Is it possible/appropriate to have some test accounts in the "users"
> file, along with an Auth-Type set to which auth type this account can be
> used for?

  Yes.  But don't set Auth-Type.  Please.

> We're testing a client that we're building (based on wpa_supplicant on
> linux), so would like to confirm the different auth methods are actually
> connecting as configured.

  I would say to use 2.0.  The new "unlang" policy language makes this
much easier.

> I was thinking something like:
> 
> test-pap   Auth-Type = PAP, User-Password := "pap-test"
> test-chap Auth-Type = CHAP, User-Password := "chap-test"

  Or...

 if (User-Name == "test-pap") {
	if (User-Password)  {
		update control {
			Cleartext-Password := "pap-test"
		}
        }
	else {
		# test failed, do something...
		reject
	}
 }


  It's a lot more verbose, but also a lot clearer, I think.

> I guess the question is how to do all the options that are inside EAP..

  The EAP-Type attribute contains the EAP type.  It exists after the
"eap" module has been executed in the "authorize" section.

  Alan DeKok.




More information about the Freeradius-Users mailing list