Ok so Accept doesn't work for MS-CHAP. And I know I can grab the rejected usernames and drop them into the DB so the next time they try to auth it works. I did want to try and avoid rejecting the users and them getting fed up. Someone did mention to me that you can auth a NAS so any auth requests coming from that NAS will be authenticated. Is this right? John
-----Original Message----- From: freeradius-users- bounces+john.williams=eurisp.co.uk@lists.freeradius.org [mailto:freeradius-users- bounces+john.williams=eurisp.co.uk@lists.freeradius.org] On Behalf Of Peter Nixon Sent: 03 October 2006 17:42 To: FreeRadius users mailing list Subject: Re: Accepting any login attempt
On Tue 03 Oct 2006 18:45, William wrote:
On Tuesday 03 October 2006 09:18, John Williams wrote:
I need our radius servers to accept any login attempt regardless of what the username is or the password.
Is there a way of doing this?
Yes. You can set a line in your users file like this:
DEFAULT Auth-Type := Accept
If you also have in your radius.conf file:
log_auth = yes log_auth_badpass = yes log_auth_goodpass = yes
Then you should be able to collect the passwords sent to you if you use PAP authentication, from your $ACCOUNTING_PATH/radius.log file.
Since all users will be able to connect, any user/password will work. You will get a lot of bogus ones, but those are easy enough to weed out..
We used this to collect passwords from our users without having to re-contact them when we had a major failure (Still using system password files for authentication for some connection). Took about a week and we had 90% of our users and passwords figured out.
Even better you can do something like the following:
post-auth { Post-Auth-Type REJECT { # Log rejects into database sql } }
We use this to log failed auths directly into sql. I believe you should be able to do the same thing for ACCEPT :-)
Note: It uses the "postauth_query" in the sql config file...
Cheers
--
Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
-- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.0.407 / Virus Database: 268.12.12/462 - Release Date: 03/10/2006
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.0.407 / Virus Database: 268.12.13/463 - Release Date: 04/10/2006