Authenticate only through Username
Hi, I am using currently using FreeRADIUS to authenticate customers of hotspot. But I want FR to authenticate only based on username and ignores the password. So if the username exists in radcheck table, it should send Accept, even if the password mismatches. How can I do that? Thanks
On Feb 20, 2017, at 7:52 AM, Muhammad Usman <muhd.usman87@gmail.com> wrote:
I am using currently using FreeRADIUS to authenticate customers of hotspot. But I want FR to authenticate only based on username and ignores the password. So if the username exists in radcheck table, it should send Accept, even if the password mismatches. How can I do that? Thanks
For one, be sure that the password in SQL is Cleartext-Password, and not User-Password. Then, decide which users need to be authenticated based only on User-Name. Then, configure that. The PAP module is listed in the "authorize" section, and sets 'Auth-Type = PAP', but ONLY if Auth-Type is not already set. You can force authentication success by setting 'Auth-Type = Accept'. So the solution is simple: authorize { .... if (User-Name == "testing") { # as an example update control { Auth-Type := Accept } } # this should be the last thing in the "authorize" section. pap } Alan DeKok.
Hi,
I am using currently using FreeRADIUS to authenticate customers of hotspot. But I want FR to authenticate only based on username and ignores the password. So if the username exists in radcheck table, it should send Accept, even if the password mismatches. How can I do that? Thanks
not for EAP and other ways - but for PAP you can just do an Auth-Type ACCEPT assertion with unlang as required. alan
Thanks a lot guys for your help.. On Mon, Feb 20, 2017 at 7:31 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
I am using currently using FreeRADIUS to authenticate customers of hotspot. But I want FR to authenticate only based on username and ignores the password. So if the username exists in radcheck table, it should send Accept, even if the password mismatches. How can I do that? Thanks
not for EAP and other ways - but for PAP you can just do an Auth-Type ACCEPT assertion with unlang as required.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Muhammad Usman