Erico Augusto wrote:
> Hi,
> I'm using EAP-TTLS to supplicant authentication.
> to authenticate the users at freeradius, I'm using users file to match
> user's password:
> ....
> user       User-Password == "test"
>               Reply-Message = "success"

  No.  Do NOT match the users password.  Instead, tell the server what
the correct password is, and it will figure out what to do.

user    Cleartext-Password := "test"

> Is there a way, using DEFAULT, for example, to return success to all
> users without the necessity to match the User-Password(bypass freeradius
> authentication). What I'm trying to do is authenticate users just at
> post-auth. I'm using some examples from doc directory, but without
> success...

  You can't authenticate users at post-auth.  And if you're using EAP,
you can't just return "success", because part of EAP involves validating
the password.

  Alan DeKok.
--       - The web site of the book - The blog
List info/subscribe/unsubscribe? See

Reply via email to