Blank Password Problem

Satyam Mathura satz.sm at gmail.com
Fri Jan 22 00:28:15 CET 2010


Quick update.
Although the radius server no longer accepts blank passwords, i now have a
problem where users who belong to groups which are not allowed to access nas
devices in certain huntgroups can now do so.
Any ideas?

On Thu, Jan 21, 2010 at 7:14 PM, Satyam Mathura <satz.sm at gmail.com> wrote:

> The reason i had those configs was because they were outlined as steps to
> reject authentication by default in the guide i was using.
>
> http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
>
> "Note: If you want to reject authentication by default then edit the
> raddb/users file and add this:
>
> DEFAULT   Auth-Type := Reject
>
> Then add Auth-Type Accept with := as op in radgroupcheck for each group"
>
>
> I've commented out the DEFAULT   Auth-Type := Reject in the users file
>
> and removed the Auth-Type  :=  Accept from the radgroupcheck table and the
> server no longer accepts a blank password.
>
>
> Guide is incorrect or needs updating?
>
> Thanks for the help guys.
>
>
>
>
>
>
> On Thu, Jan 21, 2010 at 6:58 PM, Bjørn Mork <bjorn at mork.no> wrote:
>
>> Satyam Mathura <satz.sm at gmail.com> writes:
>>
>> > Line 204 in my users file is the following:
>> > DEFAULT   Auth-Type := Reject
>>
>> You don't want that.  It removes the server's ability to figure it out
>> by itself.
>>
>>
>> > my radgroupcheck config:
>> > +----+------------------+----------------+----+----------------+
>> > | id | groupname        | attribute      | op | value                 |
>> > +----+------------------+----------------+----+----------------+
>> > |  5 | engineeringadmin | Huntgroup-Name | == | admin     |
>> > |  6 | engineeringadmin | Auth-Type      | := | Accept         |
>>
>> Why? This will make the server act as you describe: Any username in the
>> engineeringadmin group will be accepted regardless of password.
>>
>>
>> Bjørn
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100121/065b9879/attachment.html>


More information about the Freeradius-Users mailing list