Unknown username and password matching
aland at deployingradius.com
Thu Apr 11 08:35:53 CEST 2019
On Apr 10, 2019, at 11:07 PM, Dan Strong <danstrong_01 at hotmail.co.uk> wrote:
> I'm trying authenticate users on to different networks but without their usernames and passwords.
> Basically they input a specific psk on wireless and this then hits the radius and sends them onto a vlan.
> So I have this working using DEFAULT auth-type = accept.
> It's matching a Cisco avpair psk and vlan attribute, they get dropped on to a specific vlan. This works.
> If I put the wrong psk in, I don't get on the network so this is good and expected. It's matching the Cisco avpair psk in radius.
That's also good.
> Is there any way to have a 2nd DEFAULT and have it match a 2nd cisco avpair? So in essence it looks at the first and says no, moves to the 2nd set of attributes? Validates a different password and drops them on a different vlan.
> I know I'm using default and it's matching anything, maybe there is another way? I don't want to match a sent username and password to confirm as this is sent as the devices Mac address which would be unknown to me.
> Feel like this should work somehow but I'm missing something...
It's not clear what you want it to do. You're asking about a particular solution. Which means that the *problem* isn't clear.
What do you want it to do? Talk about results, not about configuration files.
If you're not doing username / password checks, how do you distinguish users in one VLAN from users in another VLAN?
More information about the Freeradius-Users