Accepting any login attempt
Phil Mayers
p.mayers at imperial.ac.uk
Thu Oct 5 17:25:15 CEST 2006
John Williams wrote:
> Ok so Accept doesn't work for MS-CHAP.
> And I know I can grab the rejected usernames and drop them into the DB so
> the next time they try to auth it works.
>
> I did want to try and avoid rejecting the users and them getting fed up.
>
> Someone did mention to me that you can auth a NAS so any auth requests
> coming from that NAS will be authenticated.
> Is this right?
It's impossible with MS-CHAP. In MS-CHAP, the server validates the
client (which you can just skip) but the client also validates the
server - if the server doesn't have the password, this will fail.
So, impossible with MS-CHAP, and in fact CHAP. Only possible with PAP
More information about the Freeradius-Users
mailing list