Phil, you got it working!<br><br>All of what you wrote was right:<br>- added <span style="font-family: courier new,monospace;">Cleartext-Password2</span> to <span style="font-family: courier new,monospace;">/usr/share/freeradius/dictionary.freeradius.internal</span><br>
- created user file like this:<br><span style="font-family: courier new,monospace;">user Cleartext-Password := "1", Cleartext-Password2 += "2"</span><br>- updated <span style="font-family: courier new,monospace;">sites-enabled/default</span> to look like this (<i>authorize</i> section)<br>
<br><span style="font-family: courier new,monospace;">[..]</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> #</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> # Read the 'users' file</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> files {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> if (("%{User-Password}" != "%{control:Cleartext-Password}") && ("%{User-Password}" != "%{control:Cleartext-Password2}")) {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> update reply {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> Reply-Message = "I suck at FreeRadiusing!"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> reject</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> else {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> update control {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> Auth-Type := Accept</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[..]</span><br><br>If I can buy you a beer or something (thinking of <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Beerware">https://secure.wikimedia.org/wikipedia/en/wiki/Beerware</a> or <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Postcardware">https://secure.wikimedia.org/wikipedia/en/wiki/Postcardware</a>) just email me :)<br>
<br>Best Regards<br><br><br><br><br><div class="gmail_quote">2011/7/7 Equin Nix <span dir="ltr">&lt;<a href="mailto:equin.nix@googlemail.com">equin.nix@googlemail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Phil,<br><br>thanks a lot for the fast answer! Unfortunately your radius-skills seem to be far far from mine, but I think I get the point.<br><br>I tried to add the following to <i>sites-enabled/default</i> (in authorize section) (It's not a full copy of your text, I wanted to start step by step):<br>
<br><div style="margin-left:40px"><span style="font-family:courier new,monospace">[...]</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> #</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace"> # Read the 'users' file</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> files {</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace"> # compare them</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> if (User-Password != control:Cleartext-Password) {</span><div class="im">
<br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace"> reject</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> }</span><br style="font-family:courier new,monospace">
<br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> # probably need to set Auth-Type := Accept here</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace"> update control {</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> Auth-Type := Accept</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace"> }</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> }</span><br style="font-family:courier new,monospace">
</div><span style="font-family:courier new,monospace">[...]</span><br></div><br>and freeradius won't start (even if I remove the update control section). This is the error:<br><div style="margin-left:40px"><span style="font-family:courier new,monospace">[...]</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">/etc/freeradius/sites-enabled/default[154]: Subsection of module instance call not allowed</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.</span><br>
</div><br>Any idea what might cause the trouble? Line 154 is the "if (User-Password...." line.<br><br>BTW: It is not possible with RegEx?<br><br>Best regards from Germany<div><div></div><div class="h5"><br><br>
<br><br><div class="gmail_quote">
2011/7/7 Phil Mayers <span dir="ltr">&lt;<a href="mailto:p.mayers@imperial.ac.uk" target="_blank">p.mayers@imperial.ac.uk</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On 07/07/11 09:51, Equin Nix wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
Hi,<br>
<br>
I am trying to set up something very basic (at least from my point of<br>
view): I would like to have a User with multiple passwords (two<br>
actually). How would I do this? I tried the following:<br>
<br>
/alice Auth-Type=Local, Cleartext-Password := "test1"<br></div>
alice Auth-Type=Local, Cleartext-Password := "test2"/<br>
</blockquote>
<br>
Do not set Auth-Type. It's almost always wrong, and is certainly wrong in this case.<br>
<br>
<br>
It might be possible to have >1 password; but it will probably only work for PAP requests, unless you play carefully with module failover.<br>
<br>
It also probably won't work in the "users" file; this is because the "User-Password" attribute is handled specially here, as a compatibility synonym for Cleartext-Password.<br>
<br>
You could try something like this - define a second password attribute in raddb/dictionary:<br>
<br>
<br>
ATTRIBUTE Cleartext-Password2 3002 string<br>
<br>
...then set both in the "users" file:<br>
<br>
alice Cleartext-Password := "foo", Cleartext-Password2 := "bar"<br>
<br>
...then use unlang to perform the comparisons in sites-enabled/default:<br>
<br>
authorize {<br>
<br>
...<br>
# read the passwords from "files"<br>
files<br>
# compare them<br>
if ((User-Password != control:Cleartext-Password) && \<br>
(User-Password != control:Cleartext-Password2)) {<br>
reject<br>
}<br>
<br>
# probably need to set Auth-Type := Accept here<br>
update control {<br>
Auth-Type := Accept<br>
}<br>
}<br>
<br>
If you want to do this with requests that aren't PAP e.g. CHAP, MSCHAP/PEAP etc. then it will be much harder.<br>
</blockquote></div><br>
</div></div></blockquote></div><br>
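Added example (not part of the original thread, and not FreeRADIUS code): a small Python model of the authorize condition from the top message, showing how it evaluates when User-Password or one of the Cleartext-Password attributes is absent, next to a variant in which an empty value never matches. It assumes that a reference to a missing attribute expands to the empty string, as in FreeRADIUS 2.x string expansion; the function names and the sample requests are constructed for illustration.

```python
import re

# Assumption: as in FreeRADIUS 2.x string expansion, a reference to an
# attribute that is not present expands to the empty string.
_REF = re.compile(r"%\{(?:(control):)?([A-Za-z0-9-]+)\}")


def xlat(template, request, control):
    """Expand %{Attr} from the request list and %{control:Attr} from control."""
    def repl(match):
        attrs = control if match.group(1) else request
        return attrs.get(match.group(2), "")
    return _REF.sub(repl, template)


def page_policy(request, control):
    """The condition from the thread: reject only if both comparisons differ."""
    pw = xlat("%{User-Password}", request, control)
    p1 = xlat("%{control:Cleartext-Password}", request, control)
    p2 = xlat("%{control:Cleartext-Password2}", request, control)
    return "reject" if (pw != p1 and pw != p2) else "accept"


def hardened_policy(request, control):
    """Same comparison, but an empty or absent value on either side never matches."""
    pw = request.get("User-Password")
    if not pw:
        return "reject"
    names = ("Cleartext-Password", "Cleartext-Password2")
    known = [control.get(name) for name in names]
    return "accept" if any(k and k == pw for k in known) else "reject"


# Constructed cases: (label, request attributes, control attributes from "users").
BOTH = {"Cleartext-Password": "1", "Cleartext-Password2": "2"}
CASES = [
    ("first password", {"User-Password": "1"}, BOTH),
    ("second password", {"User-Password": "2"}, BOTH),
    ("wrong password", {"User-Password": "3"}, BOTH),
    ("empty password, second attribute unset", {"User-Password": ""},
     {"Cleartext-Password": "1"}),
    ("no User-Password, user not in file", {}, {}),
]


def compare():
    """Return (label, page result, hardened result) for every constructed case."""
    return [(label, page_policy(r, c), hardened_policy(r, c)) for label, r, c in CASES]


if __name__ == "__main__":
    for row in compare():
        print("%-40s page=%-6s hardened=%s" % row)
```

In the unlang shown in the thread, the corresponding guard is a check that "%{User-Password}" is not the empty string before the two comparisons are made.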