Accept all users?
Alan DeKok
aland at deployingradius.com
Tue Feb 24 18:15:34 CET 2015
On Feb 24, 2015, at 12:08 PM, Dominik Menke <dom at digineo.de> wrote:
> I'm trying to secure my wireless networks with RADIUS, so that any
> combination of username/password will let the user in.
That isn’t very secure.
> So far I tried to add this line to my `users` file:
>
> DEFAULT Auth-Type := Accept
That won’t work.
> With radtest I could get a positive feedback, but when I wire up the
> RADIUS server with my wireless AP and try to connect (via
> EAP-TTLS/MSCHAPv2), no connection is established.
Exactly.
MS-CHAPv2 *requires* that the server know the user's correct password.
You need to do two things:
1) configure the clients to use TTLS/PAP instead of MS-CHAP
2) update the “users” file entry to say:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept
Then TTLS/PAP should work. Nothing else will work, though.
Alan DeKok.
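
Added example, not part of the message above and not FreeRADIUS code: a simplified model of why a server with no password database can finish a PAP exchange but not an MS-CHAPv2 one. HMAC-SHA256 stands in for the real MS-CHAPv2 computations, and all class and function names are hypothetical.

```python
import hashlib, hmac, os

def proof(password, label, server_chal, peer_chal):
    # Assumption: keyed digest used as a stand-in for MS-CHAPv2's NT-hash math.
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, label + server_chal + peer_chal, hashlib.sha256).digest()

class Client:
    def __init__(self, user, password):
        self.user, self.password = user, password

    def pap_request(self):
        # PAP inside the TTLS tunnel: the password itself is sent to the server.
        return {"User-Name": self.user, "User-Password": self.password}

    def chap_response(self, server_chal):
        self.server_chal, self.peer_chal = server_chal, os.urandom(16)
        return self.peer_chal, proof(self.password, b"client", server_chal, self.peer_chal)

    def verify_server(self, authenticator_response):
        # The client checks that the server also knows the password.
        want = proof(self.password, b"server", self.server_chal, self.peer_chal)
        return hmac.compare_digest(want, authenticator_response)

class AcceptAllServer:
    """No password database: every request is accepted by policy."""
    def pap(self, request):
        return "Access-Accept"  # nothing has to be computed from the password

    def chap(self, client):
        client.chap_response(os.urandom(16))  # response cannot be checked
        guess = os.urandom(32)  # success proof cannot be derived without the password
        return "Access-Accept" if client.verify_server(guess) else "client aborts"

class PasswordServer(AcceptAllServer):
    def __init__(self, db):
        self.db = db  # constructed sample store: user -> password

    def chap(self, client):
        chal = os.urandom(16)
        peer_chal, resp = client.chap_response(chal)
        known = self.db.get(client.user, "")
        if not hmac.compare_digest(resp, proof(known, b"client", chal, peer_chal)):
            return "Access-Reject"
        reply = proof(known, b"server", chal, peer_chal)
        return "Access-Accept" if client.verify_server(reply) else "client aborts"
```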