DEFAULT and users file
Hi, I'm using EAP-TTLS to supplicant authentication. to authenticate the users at freeradius, I'm using users file to match user's password: .... user User-Password == "test" Reply-Message = "success" .... Is there a way, using DEFAULT, for example, to return success to all users without the necessity to match the User-Password(bypass freeradius authentication). What I'm trying to do is authenticate users just at post-auth. I'm using some examples from doc directory, but without success... Thanks, Erico. __________________________________________________ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Erico Augusto wrote:
Hi,
I'm using EAP-TTLS to supplicant authentication.
to authenticate the users at freeradius, I'm using users file to match user's password: .... user User-Password == "test" Reply-Message = "success" .... Is there a way, using DEFAULT, for example, to return success to all users without the necessity to match the User-Password(bypass freeradius authentication). What I'm trying to do is authenticate users just at post-auth. I'm using some examples from doc directory, but without success... Thanks, Erico.
do you mean like,? DEFAULT Auth-Type := Accept Reply-Message = "success" to accept all users and reply success to them or just DEFAULT Reply-Message = "success" just to reply success to everyone (im pretty sure)
Erico Augusto wrote:
Hi,
I'm using EAP-TTLS to supplicant authentication.
to authenticate the users at freeradius, I'm using users file to match user's password: .... user User-Password == "test" Reply-Message = "success"
No. Do NOT match the users password. Instead, tell the server what the correct password is, and it will figure out what to do. user Cleartext-Password := "test" ...
Is there a way, using DEFAULT, for example, to return success to all users without the necessity to match the User-Password(bypass freeradius authentication). What I'm trying to do is authenticate users just at post-auth. I'm using some examples from doc directory, but without success...
You can't authenticate users at post-auth. And if you're using EAP, you can't just return "success", because part of EAP involves validating the password. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (3)
-
Alan DeKok -
Erico Augusto -
joe vieira