Cleartext-Password := "%{User-Name}" in the users file. Possible?

Thu, 03 Mar 2011 08:12:11 -0800 

Hi experts,

I want to try another way to authenticate devices by their MAC addresses. I 
don't really care about the security and just try to make the configuration 
easy. Here is my configuration:

==== hints =====
DEFAULT User-Name =~ "001422.*"
        Hint = "STB"

===== users =====
DEFAULT Hint == "STB", Cleartext-Password := "%{User-Name}"

Then I use the radtest program to test the setup and it failed...
radtest 001422111111 001422111111 localhost 1812 test123

Both lines in the hints and users file are match based on the radius -X output. 
However the password in the check attribute is not replaced with the 
username... Please help, thanks!

Here is the radius -X output:
rad_recv: Access-Request packet from host 127.0.0.1 port 16011, id=123, 
length=64
        User-Name = "001422111111"
        User-Password = "001422111111"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
+- entering group authorize {...}
[preprocess]    expand: %{User-Name} -> 001422111111
[preprocess]   hints: Matched DEFAULT at 1
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[Marriott] No '/' in User-Name = "001422111111", looking up realm NULL
[Marriott] No such realm "NULL"
++[Marriott] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "001422111111"
[pap] Using clear text password "%{User-Name}"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: CLEAR TEXT password check failed): 
[001422111111/001422111111] (from client 127.0.0.1/32 port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 001422111111
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 123 to 127.0.0.1 port 16011
Waking up in 4.9 seconds.


[cid:image002.gif@01CBD982.DFF851C0]Difan Zhao M.Eng | CCNA CCNP CCSP | Network 
Engineer
T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011
difan.z...@guest-tek.com<mailto:difan.z...@guest-tek.com> | 
www.guest-tek.com<http://www.guest-tek.com>

The contents of this email are confidential and intended for the recipient 
only. If you have received this email in error, please notify us, and destroy 
all copies.

<<inline: image001.gif>>

<<inline: image002.gif>>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to