Thanks for reply. I am creating a general component and I have tendency to not change radius server configuration (otherwise, all the users using my component should set these configurations in their radius server). Is it possible that we check whether a user with the entered username exist in the radius server or not by sending a query to the radius server? I solved this problem in Active Directory by sending ldap query to the server. In this solution, if the authentication request is rejected, I will send a query to the server and I will check whether this user is defined in the active directory or not. If the user exists in the active directory, I conclude that password is wrong. Otherwise, the entered username is wrong. Is this solution applicable to the Radius Server (Radius server supports such query or something like that?) ? On 1/27/2013 5:42 PM, Alan DeKok wrote:
malizadeh wrote:
I installed a FreeRADIUS and I want to authenticate users by using this server. However, when a request is rejected there is ambiguity:
1. Username exist but password is wrong 2. This username does not exist in the server
I need to know which condition is true when an authentication request is evaluated. Any help? You need to write a policy which checks for that, and creates a different log message for each situation.
This means understanding your configuration. You need to understand what happens when a user doesn't exist. And what happens when a user exists, but has a wrong password.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html