On Tue 03 Oct 2006 18:45, William wrote: > On Tuesday 03 October 2006 09:18, John Williams wrote: > > I need our radius servers to accept any login attempt regardless of what > > the username is or the password. > > > > Is there a way of doing this? > > Yes. You can set a line in your users file like this: > > DEFAULT Auth-Type := Accept > > If you also have in your radius.conf file: > > log_auth = yes > log_auth_badpass = yes > log_auth_goodpass = yes > > Then you should be able to collect the passwords sent to you if you use PAP > authentication, from your $ACCOUNTING_PATH/radius.log file. > > Since all users will be able to connect, any user/password will work. > You will get a lot of bogus ones, but those are easy enough to weed out.. > > We used this to collect passwords from our users without having to > re-contact them when we had a major failure (Still using system password > files for authentication for some connection). Took about a week and we > had 90% of our users and passwords figured out.
Even better you can do something like the following:
post-auth {
Post-Auth-Type REJECT {
# Log rejects into database
sql
}
}
We use this to log failed auths directly into sql. I believe you should be
able to do the same thing for ACCEPT :-)
Note: It uses the "postauth_query" in the sql config file...
Cheers
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
pgpVQiLrlUjz9.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
