Accepting any login attempt
Alan DeKok
aland at deployingradius.com
Thu Oct 5 17:07:41 CEST 2006
"John Williams" <john.williams at eurisp.co.uk> wrote:
> Someone did mention to me that you can auth a NAS so any auth requests
> coming from that NAS will be authenticated.
> Is this right?
Sort of, but for your purposes, no.
You *can* do:
DEFAULT Client-IP-Address == 1.2.3.4, Auth-Type := Accept
Which is "authenticate all requests from NAS 1.2.3.4". But it's no
different than the previous problems with Auth-Type := Accept.
The problem you're running into is not the NAS, it's the software on
the end user machine. It's doing MS-CHAP, and the NAS is just blindly
passing traffic back and forth.
Anyways, I explain this in more detail in my book. It should be
done by Christmas.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list