Accepting any login attempt

John Williams john.williams at eurisp.co.uk
Thu Oct 5 12:23:08 CEST 2006


Ok so Accept doesn't work for MS-CHAP.
And I know I can grab the rejected usernames and drop them into the DB so
the next time they try to auth it works.

I did want to try and avoid rejecting the users and them getting fed up.

Someone did mention to me that you can auth a NAS so any auth requests
coming from that NAS will be authenticated.
Is this right?

John

> -----Original Message-----
> From: freeradius-users-bounces+john.williams=eurisp.co.uk at lists.freeradius.org
> [mailto:freeradius-users-bounces+john.williams=eurisp.co.uk at lists.freeradius.org]
> On Behalf Of Peter Nixon
> Sent: 03 October 2006 17:42
> To: FreeRadius users mailing list
> Subject: Re: Accepting any login attempt
> 
> On Tue 03 Oct 2006 18:45, William wrote:
> > On Tuesday 03 October 2006 09:18, John Williams wrote:
> > > I need our radius servers to accept any login attempt regardless of what
> > > the username is or the password.
> > >
> > > Is there a way of doing this?
> >
> > Yes.  You can set a line in your users file like this:
> >
> > DEFAULT Auth-Type := Accept
> >
> > If you also have in your radius.conf file:
> >
> > log_auth = yes
> > log_auth_badpass = yes
> > log_auth_goodpass = yes
> >
> > Then you should be able to collect the passwords sent to you if you use PAP
> > authentication, from your $ACCOUNTING_PATH/radius.log file.
> >
> > Since all users will be able to connect, any user/password will work.
> > You will get a lot of bogus ones, but those are easy enough to weed out..
> >
> > We used this to collect passwords from our users without having to
> > re-contact them when we had a major failure (Still using system password
> > files for authentication for some connection).  Took about a week and we
> > had 90% of our users and passwords figured out.
> 
> Even better you can do something like the following:
> 
> post-auth {
>         Post-Auth-Type REJECT {
>                 # Log rejects into database
>                 sql
>         }
> }
> 
> We use this to log failed auths directly into sql. I believe you should be
> able to do the same thing for ACCEPT :-)
> 
> Note: It uses the "postauth_query" in the sql config file...
> 
> Cheers
> 
> --
> 
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc
> 
> 
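
An added example, not part of the original thread or of FreeRADIUS: a small audit that reports where the settings discussed above (a `users` entry that forces `Auth-Type` to `Accept`, and the `log_auth_badpass` / `log_auth_goodpass` options) are enabled, so they can be found and reverted once the recovery work is done. The function names and the sample file contents are constructed for this illustration.

```python
import re

# Constructed sample input, modelled on the settings quoted in this thread.
SAMPLE_USERS = """\
#DEFAULT Auth-Type := Accept
alice Auth-Type := Accept
DEFAULT Auth-Type := Accept
        Reply-Message = "recovery mode"
"""
SAMPLE_CONF = """\
log_auth = yes
log_auth_badpass = yes   # logs rejected passwords
log_auth_goodpass = no
"""

# Matches an assignment (":=" or "=") of Accept, but not the "==" comparison.
ACCEPT = re.compile(r'(?<![\w-])Auth-Type\s*:?=\s*"?Accept\b', re.I)
PASSWORD_LOG_KEYS = ("log_auth_badpass", "log_auth_goodpass")


def audit_users(text):
    """Return (line_no, user) for users-file entries that force Auth-Type Accept."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        # Entries start in column 0; indented lines are reply items, '#' is a comment.
        if not line or line[0] in " \t#":
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and ACCEPT.search(parts[1]):
            hits.append((no, parts[0]))
    return hits


def audit_conf(text):
    """Return (line_no, key) for options that write passwords to the auth log."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.split("#", 1)[0].partition("=")
        key = key.strip()
        if sep and key in PASSWORD_LOG_KEYS and value.strip().lower() == "yes":
            hits.append((no, key))
    return hits


if __name__ == "__main__":
    for no, user in audit_users(SAMPLE_USERS):
        scope = "every request" if user == "DEFAULT" else "this user"
        print(f"users:{no}: {user} forces Auth-Type Accept ({scope})")
    for no, key in audit_conf(SAMPLE_CONF):
        print(f"config:{no}: {key} = yes writes passwords to the log")
```
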
