Hi experts, I want to try another way to authenticate devices by their MAC addresses. I don't really care about the security and just try to make the configuration easy. Here is my configuration:
==== hints ===== DEFAULT User-Name =~ "001422.*" Hint = "STB" ===== users ===== DEFAULT Hint == "STB", Cleartext-Password := "%{User-Name}" Then I use the radtest program to test the setup and it failed... radtest 001422111111 001422111111 localhost 1812 test123 Both lines in the hints and users file are match based on the radius -X output. However the password in the check attribute is not replaced with the username... Please help, thanks! Here is the radius -X output: rad_recv: Access-Request packet from host 127.0.0.1 port 16011, id=123, length=64 User-Name = "001422111111" User-Password = "001422111111" NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 +- entering group authorize {...} [preprocess] expand: %{User-Name} -> 001422111111 [preprocess] hints: Matched DEFAULT at 1 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "001422111111", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 1 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "001422111111" [pap] Using clear text password "%{User-Name}" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Login incorrect (rlm_pap: CLEAR TEXT password check failed): [001422111111/001422111111] (from client 127.0.0.1/32 port 1812) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 001422111111 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 123 to 127.0.0.1 port 16011 Waking up in 4.9 seconds. [cid:image002.gif@01CBD982.DFF851C0]Difan Zhao M.Eng | CCNA CCNP CCSP | Network Engineer T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011 difan.z...@guest-tek.com<mailto:difan.z...@guest-tek.com> | www.guest-tek.com<http://www.guest-tek.com> The contents of this email are confidential and intended for the recipient only. If you have received this email in error, please notify us, and destroy all copies.
<<inline: image001.gif>>
<<inline: image002.gif>>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html