Cleartext-Password := "%{User-Name}" in the users file. Possible?

Difan Zhao difan.zhao at
Thu Mar 3 17:10:43 CET 2011

Hi experts,

I want to try another way to authenticate devices by their MAC addresses. I don't really care about the security and just try to make the configuration easy. Here is my configuration:

==== hints =====
DEFAULT User-Name =~ "001422.*"
        Hint = "STB"

===== users =====
DEFAULT Hint == "STB", Cleartext-Password := "%{User-Name}"

Then I use the radtest program to test the setup and it failed...
radtest 001422111111 001422111111 localhost 1812 test123

Both lines in the hints and users file are match based on the radius -X output. However the password in the check attribute is not replaced with the username... Please help, thanks!

Here is the radius -X output:
rad_recv: Access-Request packet from host port 16011, id=123, length=64
        User-Name = "001422111111"
        User-Password = "001422111111"
        NAS-IP-Address =
        NAS-Port = 1812
+- entering group authorize {...}
[preprocess]    expand: %{User-Name} -> 001422111111
[preprocess]   hints: Matched DEFAULT at 1
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[Marriott] No '/' in User-Name = "001422111111", looking up realm NULL
[Marriott] No such realm "NULL"
++[Marriott] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "001422111111"
[pap] Using clear text password "%{User-Name}"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: CLEAR TEXT password check failed): [001422111111/001422111111] (from client port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 001422111111
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 123 to port 16011
Waking up in 4.9 seconds.

[cid:image002.gif at 01CBD982.DFF851C0]Difan Zhao M.Eng | CCNA CCNP CCSP | Network Engineer
T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011
difan.zhao at<mailto:difan.zhao at> |<>

The contents of this email are confidential and intended for the recipient only. If you have received this email in error, please notify us, and destroy all copies.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 3741 bytes
Desc: image001.gif
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2716 bytes
Desc: image002.gif
URL: <>

More information about the Freeradius-Users mailing list