Unknown username and password matching

[Dan Strong]

Thanks Matthew, I think I'm following.

Do you have an example to help? I'mcurrently just getting to grips with Freeradius. I can see the below commented out. Your saying that below I can add my own attributes such as Cisco-AVPair and it will look for this rather than username or password?


key = %{%{Stripped-User-Name}:-%{User-Name}}

My question is, under the syntax of the users file. Would I still need users to be present with attributes attached to them, even if username is ignored?

Thanks!
________________________________
From: Freeradius-Users <freeradius-users-bounces+danstrong_01=hotmail.co.uk at lists.freeradius.org> on behalf of Matthew Newton <mcn at freeradius.org>
Sent: Thursday, April 11, 2019 11:07 AM
To: FreeRadius users mailing list
Subject: Re: Unknown username and password matching

On Thu, 2019-04-11 at 10:11 +0000, Dan Strong wrote:
> So what I'm asking is can we ignore the username and password that
> comes through, and just match the psk?
>
> Can you have something like Username is the CISCO-AVPair = PSK
> attribute or something?

You can configure the files module to look up a different attribute
rather than User-Name. See the "key" configuration option.

I would look at extracting the PSK from the Cisco-AVPair with a regex
and put it into another attribute, then use that as the key. Saves
confusion if you get multiple Cisco-AVPair attributes.

--
Matthew


-
List info/subscribe/unsubscribe? See https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C7b90c07a2209405092e308d6be6e092a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636905777137760482&sdata=069RPFuBCQ66GRyQPE9AbvgQB%2FkpL2AaLF%2BHGWzP1Ig%3D&reserved=0