Accepting any login attempt

William azander at netonecom.net
Tue Oct 3 17:45:21 CEST 2006


On Tuesday 03 October 2006 09:18, John Williams wrote:
> I need our radius servers to accept any login attempt regardless of what
> the username is or the password.
>
> Is there a way of doing this?

Yes.  You can set a line in your users file like this:

DEFAULT Auth-Type := Accept

If you also have in your radius.conf file:

log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes

Then you should be able to collect the passwords sent to you if you use PAP 
authentication, from your $ACCOUNTING_PATH/radius.log file.  

Since all users will be able to connect, any user/password will work.    You 
will get a lot of bogus ones, but those are easy enough to weed out..

We used this to  collect passwords from our users without having to re-contact 
them when we had a major failure (Still using system password files for 
authentication for some connection).  Took about a week and we had 90% of our 
users and passwords figured out.

Wm

<snip>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061003/b5e8341e/attachment.pgp>


More information about the Freeradius-Users mailing list