Cleartext-Password := "%{User-Name}" in the users file. Possible?
Hi experts, I want to try another way to authenticate devices by their MAC addresses. I don't really care about the security and just try to make the configuration easy. Here is my configuration: ==== hints ===== DEFAULT User-Name =~ "001422.*" Hint = "STB" ===== users ===== DEFAULT Hint == "STB", Cleartext-Password := "%{User-Name}" Then I use the radtest program to test the setup and it failed... radtest 001422111111 001422111111 localhost 1812 test123 Both lines in the hints and users file are match based on the radius -X output. However the password in the check attribute is not replaced with the username... Please help, thanks! Here is the radius -X output: rad_recv: Access-Request packet from host 127.0.0.1 port 16011, id=123, length=64 User-Name = "001422111111" User-Password = "001422111111" NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 +- entering group authorize {...} [preprocess] expand: %{User-Name} -> 001422111111 [preprocess] hints: Matched DEFAULT at 1 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "001422111111", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 1 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "001422111111" [pap] Using clear text password "%{User-Name}" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Login incorrect (rlm_pap: CLEAR TEXT password check failed): [001422111111/001422111111] (from client 127.0.0.1/32 port 1812) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 001422111111 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 123 to 127.0.0.1 port 16011 Waking up in 4.9 seconds. [cid:image002.gif@01CBD982.DFF851C0]Difan Zhao M.Eng | CCNA CCNP CCSP | Network Engineer T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011 difan.zhao@guest-tek.com<mailto:difan.zhao@guest-tek.com> | www.guest-tek.com<http://www.guest-tek.com> The contents of this email are confidential and intended for the recipient only. If you have received this email in error, please notify us, and destroy all copies.
On 03/03/11 16:10, Difan Zhao wrote:
Hi experts,
I want to try another way to authenticate devices by their MAC addresses. I don’t really care about the security and just try to make the configuration easy. Here is my configuration:
==== hints =====
DEFAULT User-Name =~ "001422.*"
Hint = "STB"
===== users =====
DEFAULT Hint == "STB", Cleartext-Password := "%{User-Name}"
Why bother with a password at all? DEFAULT Hint == STB, Auth-Type := Accept
Thanks Phil! It works! It definitely fits what I need! However just be curious, why my setting won't work? Thanks! -----Original Message----- From: freeradius-users-bounces+difan.zhao=guest-tek.com@lists.freeradius.org [mailto:freeradius-users-bounces+difan.zhao=guest-tek.com@lists.freeradius.org] On Behalf Of Phil Mayers Sent: March-03-11 9:16 AM To: FreeRadius users mailing list Subject: Re: Cleartext-Password := "%{User-Name}" in the users file. Possible? On 03/03/11 16:10, Difan Zhao wrote:
Hi experts,
I want to try another way to authenticate devices by their MAC addresses. I don't really care about the security and just try to make the configuration easy. Here is my configuration:
==== hints =====
DEFAULT User-Name =~ "001422.*"
Hint = "STB"
===== users =====
DEFAULT Hint == "STB", Cleartext-Password := "%{User-Name}"
Why bother with a password at all? DEFAULT Hint == STB, Auth-Type := Accept - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 03/03/11 18:11, Difan Zhao wrote:
Thanks Phil! It works! It definitely fits what I need! However just be curious, why my setting won't work?
I'm not sure. It should work; it seems like the expansion: Cleartext-Password := "%{User-Name}" ...wasn't being acted on. Are you sure you didn't have a typo somewhere?
Phil Mayers wrote:
I'm not sure. It should work; it seems like the expansion:
Cleartext-Password := "%{User-Name}"
...wasn't being acted on. Are you sure you didn't have a typo somewhere?
The "control" items aren't expanded in the "hints" or "users" file. Use "unlang". Alan DeKok.
participants (3)
-
Alan DeKok -
Difan Zhao -
Phil Mayers