<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Hi,<br>
<br>
1. Post-Auth packet becomes empty with that approach<br>
2. eap module works different with that approach<br>
radiusd.conf:<br>
authenticate {<br>
.... <br>
eap<br>
....<br>
}<br>
Got the output (radiusd -X):<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 0<br>
modcall[authorize]: module "preprocess" returns ok for request 0<br>
radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.1/auth-detail-20070329'<br>
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/10.10.10.1/auth-detail-20070329<br>
modcall[authorize]: module "auth_log" returns ok for request 0<br>
rlm_realm: No '@' in User-Name = "agentnode", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 0<br>
rlm_eap: EAP packet type response id 0 length 14<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 0<br>
users: Matched entry DEFAULT at line 164<br>
modcall[authorize]: module "files" returns ok for request 0<br>
modcall: leaving group authorize (returns updated) for request 0<br>
rad_check_password: Found Auth-Type Accept<br>
rad_check_password: Auth-Type = Accept, accepting the user<br>
radius_xlat: 'success'<br>
Login OK: [agentnode] (from client erico-gprt port 2 cli 00-40-F4-C5-88-C7)<br>
Sending Access-Accept of id 0 to 10.10.10.1 port 2015<br>
Reply-Message = "success"<br>
Finished request 0<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 6 seconds...<br>
rad_recv: Access-Accept packet from host 10.10.10.1:2015, id=0, length=29<br>
Authentication reply packet code 2 sent to a non-proxy reply port from client erico-gprt:2015 - ID 0 : IGNORED<br>
--- Walking the entire request list ---<br>
Waking up in 3 seconds...<br>
--- Walking the entire request list ---<br>
Cleaning up request 0 ID 0 with timestamp 460c15b6<br>
Nothing to do. Sleeping until we see a request.<br>
<br>
Thanks, Erico. <br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Mensagem original ----<br>De: joe vieira <jvieira@clarku.edu><br>Para: FreeRadius users mailing list <freeradius-users@lists.freeradius.org><br>Enviadas: Quinta-feira, 29 de Março de 2007 16:23:24<br>Assunto: Re: DEFAULT and users file<br><br><div>Erico Augusto wrote:<br>> Hi,<br>><br>> I'm using EAP-TTLS to supplicant authentication.<br>><br>> to authenticate the users at freeradius, I'm using users file to match <br>> user's password:<br>> ....<br>> user User-Password == "test"<br>> Reply-Message = "success"<br>> ....<br>> Is there a way, using DEFAULT, for example, to return success to all <br>> users without the necessity to match the User-Password(bypass <br>> freeradius authentication). What
I'm trying to do is authenticate <br>> users just at post-auth. I'm using some examples from doc directory, <br>> but without success...<br>> Thanks, Erico.<br>><br>do you mean like,?<br><br>DEFAULT Auth-Type := Accept<br> Reply-Message = "success"<br>to accept all users and reply success to them<br><br>or just<br>DEFAULT<br> Reply-Message = "success"<br><br>just to reply success to everyone (im pretty sure)<br>- <br>List info/subscribe/unsubscribe? See <a target="_blank" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></div></div><br></div></div><br>__________________________________________________<br>Fale
com seus amigos de graça com o novo Yahoo! Messenger <br>http://br.messenger.yahoo.com/ </body></html>