Accept all users?

Alan DeKok aland at
Tue Feb 24 18:15:34 CET 2015

On Feb 24, 2015, at 12:08 PM, Dominik Menke <dom at> wrote:
> I'm trying to secure my wireless networks with RADIUS, so that any
> combination of username/password will let the user in.

  That isn’t very secure.

> So far I tried to add this line to my `users` file:
>    DEFAULT Auth-Type := Accept

  That won’t work.

> With radtest I could get a positive feedback, but when I wire up the
> RADIUS server with my wireless AP and try to connect (via
> EAP-TTLS/MSCHAPv2), no connection is established.


  MS-CHAPv2 *requires* that the server know the users correct password.

  You need to do two things:

1) configure the clients to use TTLS/PAP instead of MS-CHAP

2) update the “users” file entry to say:

DEFAULT	  FreeRADIUS-Proxied-To ==, Auth-Type := Accept

  Then TTLS/PAP should work.  Nothing else will work, though.

  Alan DeKok.

More information about the Freeradius-Users mailing list