Allow access to wrong password

Aurélio de Souza Ribeiro Neto netolistas at mpc.com.br
Wed Apr 13 22:36:04 CEST 2016 

Alan,

     Only complementing.....

     He catches and releases the IP

     Look my authenticate section:

authenticate {

         Auth-Type PAP {
                 pap {
                        reject = 1
                     }

                     if(reject) {
                        update control {
                          Pool-Name := "inadi_pool";
                        }

                        ok
                    }
         }


         Auth-Type CHAP {
                chap  {
                        reject = 1
                     }

                     if(reject) {
                        update control {
                          Pool-Name := "iandi_pool";
                        }

                        ok
                    }

         }


         Auth-Type MS-CHAP {
                 mschap  {
                        reject = 1
                     }
                     if(reject) {
                        update control {
                          Pool-Name := "inadi_pool";
                        }

                        ok
                    }

         }

         digest
         unix
         eap
}


     And my Log:

Wed Apr 13 16:51:31 2016 : Auth: Login OK: [testepppoe] (from client 
ce-teste-rb port 15728721 cli F8:1A:67:58:42:E7)
Wed Apr 13 16:51:31 2016 : Info: Allocated IP: 192.168.11.208 from 
inadi_pool   (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 port 15728721 
user testepppoe)
Wed Apr 13 16:51:31 2016 : Info: Released IP 192.168.11.208 (did CE - 
TESTE PPPoE cli F8:1A:67:58:42:E7 user testepppoe)


     Could you help me?

Aurelio



Em 13/04/2016 16:48, Aurélio de Souza Ribeiro Neto escreveu:
> Alan,
>
>     Thanks!
>
>     It works, but I can Log "Invalid Login" before delivery IP?
>
> Aurelio
>
> Em 13/04/2016 10:09, Alan DeKok escreveu:
>> On Apr 13, 2016, at 8:51 AM, Aurélio de Souza Ribeiro Neto 
>> <netolistas at mpc.com.br> wrote:
>>>     Is it possible to allow access to a different POOL for users who 
>>> authenticate with invalid login or password?
>>    Only for people who aren't using EAP.
>>
>>>     Users who connect with correct credentials would use the POOL 
>>> according to their groups, and users with login and password 
>>> invalids would be directed to another POOL? I hope I was clear.
>>    Sure.  In the "authenticate" section, do:
>>
>> authenticate {
>>     ...
>>     Auth-Type pap {
>>         pap {
>>             reject = 1
>>         }
>>
>>         if (reject) {
>>             update control {
>>                 Pool-Name := "rejected_pool"
>>             }
>>
>>             ok
>>         }
>>
>>     }
>>
>>     ...
>> }
>>
>>    You'll have to customize it for your system, but the general idea 
>> is there.
>>
>>    Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list