Accepting any login attempt

Peter Nixon listuser at peternixon.net
Tue Oct 3 18:42:16 CEST 2006


On Tue 03 Oct 2006 18:45, William wrote:
> On Tuesday 03 October 2006 09:18, John Williams wrote:
> > I need our radius servers to accept any login attempt regardless of what
> > the username is or the password.
> >
> > Is there a way of doing this?
>
> Yes.  You can set a line in your users file like this:
>
> DEFAULT Auth-Type := Accept
>
> If you also have in your radius.conf file:
>
> log_auth = yes
> log_auth_badpass = yes
> log_auth_goodpass = yes
>
> Then you should be able to collect the passwords sent to you if you use PAP
> authentication, from your $ACCOUNTING_PATH/radius.log file.
>
> Since all users will be able to connect, any user/password will work.
> You will get a lot of bogus ones, but those are easy enough to weed out.
>
> We used this to collect passwords from our users without having to
> re-contact them when we had a major failure (Still using system password
> files for authentication for some connection).  Took about a week and we
> had 90% of our users and passwords figured out.

Even better, you can do something like the following:

post-auth {
        Post-Auth-Type REJECT {
                # Log rejects into database
                sql
        }
}

We use this to log failed auths directly into sql. I believe you should be 
able to do the same thing for ACCEPT :-)

Note: It uses the "postauth_query" in the sql config file...

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
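
A configuration check for the settings discussed in this thread, added here as an example and not part of the original messages: it flags a users-file entry that sets `Auth-Type := Accept` and any `log_auth_badpass` / `log_auth_goodpass` option set to `yes`. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs, modelled on the settings quoted in the thread.
SAMPLE_USERS = """\
bob     Cleartext-Password := "example"
        Reply-Message = "Hello"

DEFAULT Auth-Type := Accept
"""
SAMPLE_CONF = """\
log_auth = yes
log_auth_badpass = yes   # rejected passwords go to the log
log_auth_goodpass = no
"""

ACCEPT_RE = re.compile(r"(?<![\w-])Auth-Type\s*:?=\s*Accept\b", re.IGNORECASE)
PASSLOG_RE = re.compile(r"^\s*(log_auth_(?:bad|good)pass)\s*=\s*(\w+)", re.IGNORECASE)

def strip_comment(line):
    """Drop a trailing '#' comment; the settings checked here never contain '#'."""
    return line.split("#", 1)[0].rstrip()

def audit_users(text):
    """Return (line number, entry name) for entries that set Auth-Type to Accept."""
    hits = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        # Entry headers start in column 0; indented lines are reply items.
        if not line or line[0].isspace():
            continue
        if ACCEPT_RE.search(line):
            hits.append((num, line.split(None, 1)[0]))
    return hits

def audit_conf(text):
    """Return (line number, option) for options that log user passwords."""
    hits = []
    for num, raw in enumerate(text.splitlines(), 1):
        m = PASSLOG_RE.match(strip_comment(raw))
        if m and m.group(2).lower() == "yes":
            hits.append((num, m.group(1).lower()))
    return hits

if __name__ == "__main__":
    for num, name in audit_users(SAMPLE_USERS):
        print(f"users line {num}: {name} is accepted without a password check")
    for num, opt in audit_conf(SAMPLE_CONF):
        print(f"config line {num}: {opt} = yes writes passwords to the log")
```
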


More information about the Freeradius-Users mailing list