On Nov 2, 2018, at 12:08 PM, Selahattin Cilek <selahattin_cilek@hotmail.com> wrote:
I use FreeRADIUS 3.0.17 to provide services on a site. Ever since I stepped into the world of RADIUS, I have been dealing with the issue of "anonymous" users.
What do you mean by anonymous users? The normal operation is to only authenticate *known* users. Everyone else is unknown, and un-authenticated.
I have been abusing the *Class* attribute work around the problem, but after some deliberation, I've decided that it would be best if I could reject anonymous users right away.
Perhaps there's debug output you could share...
Currently, this store procedure can check if a user with a given name exists in the database, and if not, return *0* to make FreeRADIUS to reject access to that user.
The default *is* to reject unknown users. So if your system is allowing unknown users, then it's because of local changes you made to allow that.
What I'd like to know though is that if there is a better, more elegant FreeRADIUSy way of achieving the same goal. For example, would something like below work?
If you could describe in more detail what you're doing, we could help. Alan DeKok.