Freeradius Ldap mosule is authenticating with wrong password also

Alan Buxey A.L.M.Buxey at
Sun Jul 24 13:48:34 CEST 2011


> DEFAULT LDAP-Group == "CiscoRWL2Lr", Auth-Type := Accept
>         Reply-Message = "Welcome! You have administrative access.",
>         Service-Type = NAS-Prompt-User,
>         cisco-avpair = "shell:priv-lvl=15"

as already said, you've configured your RADIUS server to accept
ANYONE who is in the CiscoRW2Lr group - even if their password
is 100% wrong.  Auth-Type := Accept opens your box to basically not
caring about authentication.... only authorization.

remove the auth-type and ensure your authentication is working - 
which will need some work for AD


More information about the Freeradius-Users mailing list