The reason i had those configs was because they were outlined as steps to reject authentication by default in the guide i was using.
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO

"Note: If you want to reject authentication by default then edit the raddb/users file and add this:
DEFAULT   Auth-Type := Reject

Then add Auth-Type Accept with := as op in radgroupcheck for each group"


I've commented out the DEFAULT   Auth-Type := Reject in the users file

and removed the Auth-Type  :=  Accept from the radgroupcheck table and the server no longer accepts a blank password.


Guide is incorrect or needs updating?

Thanks for the help guys.






On Thu, Jan 21, 2010 at 6:58 PM, Bjørn Mork <bjorn@mork.no> wrote:
Satyam Mathura <satz.sm@gmail.com> writes:

> Line 204 in my users file is the following:
> DEFAULT   Auth-Type := Reject

You don't want that.  It removes the server's ability to figure it out
by itself.


> my radgroupcheck config:
> +----+------------------+----------------+----+----------------+
> | id | groupname        | attribute      | op | value                 |
> +----+------------------+----------------+----+----------------+
> |  5 | engineeringadmin | Huntgroup-Name | == | admin     |
> |  6 | engineeringadmin | Auth-Type      | := | Accept         |

Why? This will make the server act as you describe: Any username in the
engineeringadmin group will be accepted regardless of password.


Bjørn

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html