Blank Password Problem
Satyam Mathura
satz.sm at gmail.com
Fri Jan 22 00:14:35 CET 2010
The reason i had those configs was because they were outlined as steps to
reject authentication by default in the guide i was using.
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
"Note: If you want to reject authentication by default then edit the
raddb/users file and add this:
DEFAULT Auth-Type := Reject
Then add Auth-Type Accept with := as op in radgroupcheck for each group"
I've commented out the DEFAULT Auth-Type := Reject in the users file
and removed the Auth-Type := Accept from the radgroupcheck table and the
server no longer accepts a blank password.
Guide is incorrect or needs updating?
Thanks for the help guys.
On Thu, Jan 21, 2010 at 6:58 PM, Bjørn Mork <bjorn at mork.no> wrote:
> Satyam Mathura <satz.sm at gmail.com> writes:
>
> > Line 204 in my users file is the following:
> > DEFAULT Auth-Type := Reject
>
> You don't want that. It removes the server's ability to figure it out
> by itself.
>
>
> > my radgroupcheck config:
> > +----+------------------+----------------+----+----------------+
> > | id | groupname | attribute | op | value |
> > +----+------------------+----------------+----+----------------+
> > | 5 | engineeringadmin | Huntgroup-Name | == | admin |
> > | 6 | engineeringadmin | Auth-Type | := | Accept |
>
> Why? This will make the server act as you describe: Any username in the
> engineeringadmin group will be accepted regardless of password.
>
>
> Bjørn
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100121/7fb91211/attachment.html>
More information about the Freeradius-Users
mailing list