Hello, well I guess I can't do that with MySQL-Queries. Anybody got an idea on how the entry in the users-file has to look like. thanks and regards Chris -----Ursprüngliche Nachricht----- Von: Galuschka Christoph Gesendet: Dienstag, 17. April 2007 14:04 An: 'freeradius-users@lists.freeradius.org' Betreff: Login for any user Hello, I would like to create a login user on my database backend which allows everybody - regardless of username - to login as long as the password is correct. Is there a way to create such a user? thanks and regards Christoph --------------------------------------------------- Ing. Christoph Galuschka TIWAG-Tiroler Wasserkraft AG ITT LAN/WAN - VPN-/Firewallsysteme Eduard-Wallnöfer-Platz 2 6010 Innsbruck T: +43 (0)50607 21832 F: +43 (0)50607 41832 www.tiroler-wasserkraft.at Ti.econet: Hotline: +43 (0)50607 21405 eMail: econet@tiwag.at www.tieconet.at ---------------------------------------------------
Auth-Type:= Accept will let everyone in. Ivan Kalik Kalik Informatika ISP Dana 17/4/2007, "inverse" <inverse@ngi.it> piše:
Anybody got an idea on how the entry in the users-file has to look like
something like DEFAULT Auth-Type := Eap, User-Password == "blah"
with deafult eap type set to md5.
I've yet to try it tho, may you report back if it works? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tnt@kalik.co.yu wrote:
Auth-Type:= Accept will let everyone in.
No. Every EAP method I am aware of will require the successful completion of the challenge-response. Just setting Auth-Type to Accept will break things completely. You *might* possibly be able to use EAP TTLS+PAP and set Auth-Type to Accept on the *inner* PAP method. But that's about it.
inverse wrote:
Anybody got an idea on how the entry in the users-file has to look like
something like DEFAULT Auth-Type := Eap, User-Password == "blah"
with deafult eap type set to md5.
I've yet to try it tho, may you report back if it works?
This suggestion is wrong on a number of levels: 1. Don't set Auth-Type 2. Don't use == for User-Password; use := and in recent server versions use Cleartext-Password 3. You cannot just "permit" EAP. The client will want the server to complete the challenge-response. The ONLY authentication algorithm that you can "just accept" is PAP.
participants (4)
-
Galuschka Christoph -
inverse -
Phil Mayers -
tnt@kalik.co.yu