Accepting any login attempt

Alan DeKok aland at
Thu Oct 5 17:07:41 CEST 2006

"John Williams" <john.williams at> wrote:
> Someone did mention to me that you can auth a NAS so any auth requests
> coming from that NAS will be authenticated.
> Is this right?

  Sort of, but for your purposes, no.

  You *can* do:

DEFAULT Client-IP-Address ==, Auth-Type := Accept

  Which is "authenticate all requests from NAS".  But it's no
different than the previous problems with Auth-Type := Accept.

  The problem you're running into is not the NAS, it's the software on
the end user machine.  It's doing MS-CHAP, and the NAS is just blindly
passing traffic back and forth.

  Anyways, I explain this in more detail in my book.  It should be
done by Christmas.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list