Multiple Password Auth

Alan DeKok aland at
Thu Jun 18 22:37:00 CEST 2020

On Jun 18, 2020, at 3:45 PM, Miguel Barrera <miguel.barrera at> wrote:
> We have a captive portal integrated with freeradius for auth and
> accounting, and I have a question, how can I handle multiple password (PAP
> ClearText Password) with a single User?, for auth, we use the sql module so
> the passwords are stored on a mysql database.
> There are some scenarios where we need to store two or three password for
> the same user, here is the log for one of these password and the radcheck
> table registers of this user.

  Do you mean that the one user has multiple passwords, and can log in with any of them?

  If so, it's possible.  But the default SQL queries aren't really set up to do that.

> Ready to process requests
> (8) Received Access-Request Id 4 from to length 345
> (8)   User-Name = "a450460f6823"
> (8)   User-Password = "a450460f6823"

  You're better off checking for that case specially, and allowing it.  And, only putting in the *other* password into SQL


authorize {

	# user was found in SQL, but we don't use that password
	if (found && (&User-Name == &User-Password)) {
	else {
		pap # check Cleartext-Password from SQL

  Alan DeKok.

More information about the Freeradius-Users mailing list