On May 14, 2020, at 7:00 PM, Imdad Hasan <imdadalikadiwala0@gmail.com> wrote:
i am using perl module, its working all like exec module but no doubt its increased the performance on high load. But i have some queries when i use CHAP authentication method with perl module.
The answer is "don't do CHAP with Perl". Instead, let FreeRADIUS do the authentication.
In CHAP authentication i can't verify the password with Cleartext-Password, right?
You can. The CHAP module takes care of this.
That's why i set RADCHECK attribute Cleartext-Password="password" and after that freeradius verify them with authenticator and all. and if password doesn't matched than its return Reject.
Yes, that works.
But if i want to accept those user ( who have wrong password ) with special disabled framed-ip than how can i??
It's easy, but a little weird. In the "authenticate" section, do: Auth-Type CHAP { chap { reject = 1 } if (reject) { update reply { Framed-IP-Address := 192.0.2.128 } ok } } And that should do it. Then, make sure that you're not over-writing that Framed-IP-Address later. Alan DeKok.