Unknown username and password matching

Alan DeKok aland at deployingradius.com
Fri Apr 12 08:55:31 CEST 2019


On Apr 11, 2019, at 8:40 PM, Dan Strong <danstrong_01 at hotmail.co.uk> wrote:
> 
> I'm wondering if anyone could give me a config example on this? Feel like I'm going round in circles and not sure if what I'm asking is possible? Below is what I originally had:
> 
> DEFAULT Auth-Type = Accept
>                 Tunnel-Private-Group-ID = "100",
>                 Cisco-AVPair = "psk=testcisco1"
> 
> DEFAULT Auth-Type = Accept
>                 Tunnel-Private-Group-ID = "101",
>                 Cisco-AVPair = "psk=testcisco2"
> 
> I know the first entry will be matched, which is why it's only dropping me on to vlan 100 with testcisco1 only validating.

  The documentation describes how this works.

> So below I've got the following:
> 
> In dictionary I set an attribute as a string called: Cisco-Wireless-PSK
> 
> Then I have key in the files set as:
> 
> key = "%{Cisco-Wireless-PSK}"
> 
> I have then written the below, BUT I've no idea which file or where this should be placed...
> 
> foreach (Cisco-AVPair) {
>      if ("%{Foreach-Variable-0}" =~ /^psk=testcisco[0-9](.+)$/) {
>        update control {
>          Cisco-Wireless-PSK := "%{1}"
>        }
>      }
>    }

  Again, the documentation describes how the server works.  Also, if you run the server in debugging mode, you will see which files it loads, and what configuration sections are run.

  Go read sites-enabled/default.  This is documented extensively.  Also read the technical guide available here:  https://networkradius.com/freeradius-documentation/

  That goes through the server basics in great detail.

  You want the "foreach" loop to go into the "authorize" section, before the "files" module.  This should all become clear by reading the above referenced documentation.

  Alan DeKok.