Res: DEFAULT and users file
Erico Augusto
ericosign at yahoo.com.br
Thu Mar 29 21:56:19 CEST 2007
Hi,
1. Post-Auth packet becomes empty with that approach
2. eap module works different with that approach
radiusd.conf:
authenticate {
....
eap
....
}
Got the output (radiusd -X):
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.1/auth-detail-20070329'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/10.10.10.1/auth-detail-20070329
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_realm: No '@' in User-Name = "agentnode", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 164
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat: 'success'
Login OK: [agentnode] (from client erico-gprt port 2 cli 00-40-F4-C5-88-C7)
Sending Access-Accept of id 0 to 10.10.10.1 port 2015
Reply-Message = "success"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 10.10.10.1:2015, id=0, length=29
Authentication reply packet code 2 sent to a non-proxy reply port from client erico-gprt:2015 - ID 0 : IGNORED
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 460c15b6
Nothing to do. Sleeping until we see a request.
Thanks, Erico.
----- Mensagem original ----
De: joe vieira <jvieira at clarku.edu>
Para: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Enviadas: Quinta-feira, 29 de Março de 2007 16:23:24
Assunto: Re: DEFAULT and users file
Erico Augusto wrote:
> Hi,
>
> I'm using EAP-TTLS to supplicant authentication.
>
> to authenticate the users at freeradius, I'm using users file to match
> user's password:
> ....
> user User-Password == "test"
> Reply-Message = "success"
> ....
> Is there a way, using DEFAULT, for example, to return success to all
> users without the necessity to match the User-Password(bypass
> freeradius authentication). What I'm trying to do is authenticate
> users just at post-auth. I'm using some examples from doc directory,
> but without success...
> Thanks, Erico.
>
do you mean like,?
DEFAULT Auth-Type := Accept
Reply-Message = "success"
to accept all users and reply success to them
or just
DEFAULT
Reply-Message = "success"
just to reply success to everyone (im pretty sure)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070329/a27143ec/attachment.html>
More information about the Freeradius-Users
mailing list