I am in the process of helping a customer of ours figure this out.
He purchased a bunch of users from a competitor, but they cannot provide
him with the passwords (only usernames). What I want to do is allow for the
user to pass any password, but then log what they passed.
I have set the following in radiusd.conf:

    log_auth = yes
    log_auth_badpass = yes
    log_auth_goodpass = yes

And have created a users file as such:

    testuser Auth-Type := Local, User-Password =* "test"
            Fall-Through = Yes

    DEFAULT Auth-Type := Local
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-MTU = 1500,
            Framed-Compression = Van-Jacobsen-TCP-IP

This isn't working. I am using radtest and getting the following results:

    [EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 testing123
    Sending Access-Request of id 107 to 127.0.0.1:1812
            User-Name = "testuser"
            User-Password = "test"
            NAS-IP-Address = wraith.nvc.net
            NAS-Port = 0
    Re-sending Access-Request of id 107 to 127.0.0.1:1812
            User-Name = "testuser"
            User-Password = "H%\201\271\r\361X\315\270zr\262P\367\265\374"
            NAS-IP-Address = wraith.nvc.net
            NAS-Port = 0
    rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=107, length=20

The radius.log entries are as such:

    Thu Aug 14 15:36:54 2003 : Auth: Login incorrect: [testuser/test] (from client localhost port 0)

I think the problem is the operator I am using on the User-Password check
item, but have tried almost every other "reasonable" operator.
Any other ideas?
- Brian J.