Radius users state

tnt at kalik.net tnt at kalik.net
Tue Sep 16 12:15:13 CEST 2008


First a few basic things. Are you using a very old version of the server?
If you are, unlang is not going to work. If you are not, don't use
Auth-Type Local and User-Password but Cleartext-Password as per
instructions in users file.

You can't pass priv level in Reply-Message. You need to consult your NAS
documentation to see how it's done. It's usually passed in vendor
specific attributes like Cisco avpairs.

>/ets/raddb/users have first entry for each user with correct passwd,
>followed by wrong passwd(kept it as regular expression *)
>
>xyz Auth-Type := Local , User-password = "xyz"
>            Reply-Message = "successfull level(2)."
>
>xyz Auth-Type := Reject , User-password =~ "*"
>           Reply-Message = "Invalid passwd for xyz(level 2)."
>

You don't need regexp there. If user entries with passwords weren't
matched it means that password is - wrong. No need to check for that.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list