Accepting any login attempt

Phil Mayers p.mayers at imperial.ac.uk
Thu Oct 5 17:25:15 CEST 2006


John Williams wrote:
> Ok so Accept doesn't work for MS-CHAP.
> And I know I can grab the rejected usernames and drop them into the DB so
> the next time they try to auth it works.
> 
> I did want to try and avoid rejecting the users and them getting fed up.
> 
> Someone did mention to me that you can auth a NAS so any auth requests
> coming from that NAS will be authenticated.
> Is this right?

It's impossible with MS-CHAP. In MS-CHAP, the server validates the 
client (which you can just skip) but the client also validates the 
server - if the server doesn't have the password, this will fail.

So, impossible with MS-CHAP, and in fact CHAP. Only possible with PAP



More information about the Freeradius-Users mailing list