Accept all users?
Alan DeKok
aland at deployingradius.com
Wed Mar 4 18:57:45 CET 2015
On Mar 4, 2015, at 12:31 PM, Dominik Menke <dom at digineo.de> wrote:
> Is there anything else I need to configure?
<sigh> Do you think I lied to you in your last message? Or maybe you got something wrong?
Which one is more likely to be true?
> Using those two settings
> gives me this:
>
>> # radtest -t pap foobar snafu localhost 10 testing123
Don’t look at the client logs to debug the server. Honestly, this isn’t difficult.
> And in the server log:
>
>> rad_recv: Access-Request packet from host 127.0.0.1 port 45876, id=0, length=120
>> User-Name = "foobar"
>> NAS-IP-Address = 127.0.0.1
>> Calling-Station-Id = "02-00-00-00-00-01"
>> Framed-MTU = 1400
>> NAS-Port-Type = Wireless-802.11
>> Connect-Info = "CONNECT 11Mbps 802.11b"
>> EAP-Message = 0x0200000b01666f6f626172
>> Message-Authenticator = 0xb3ca17f074559f077c154b1f72006a21
>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>> +group authorize {
>> ++[preprocess] = ok
>> ++[chap] = noop
>> ++[mschap] = noop
>> [eap] EAP packet type response id 0 length 11
>> [eap] No EAP Start, assuming it's an on-going EAP conversation
>> ++[eap] = updated
>> ++[files] = noop
It doesn’t match any entry in the “users” file.
>> ++[logintime] = noop
>> [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
>> ++[pap] = noop
>> ++update control {
>> ++} # update control = noop
>> +} # group authorize = updated
So… you edited the “authorize” section to add:
update control {
Auth-Type := Accept
}
Did I say to do that? No.
Then why did you do it?
> Although an Access-Accept is transmitted, the warning "no 'known good'
> password found for the user" makes me worry, I didn't understand a
> central part of FR…
Following instructions shouldn’t be difficult.
And I find it annoying when people make random changes without saying what they’re doing, or why. Then when those changes don’t work… they blame me. “But I followed your instructions!”
No. No, you didn’t follow my instructions.
Alan DeKok.
More information about the Freeradius-Users
mailing list