Hi,
I'm trying to set up a RADIUS server to always authenticate users sucessfully, but return additional information (Static IP address) from an SQL database for those that get the correct username and password. If the incorrect password is used, ideally the user should still be authenticated but without the Static IP. I initially tried matching using %C{Password} in reply_attr_query but that approach doesn't work with CHAP passwords.
I've now tried the following:
/usr/local/etc/raddb/users:
DEFAULT Auth-Type = Accept
Service-Type = Framed-User,
Framed-Protocol = PPP, (etc...)
Fall-Through = YesDEFAULT Auth-Type = Local,
Password-Location = SQL
Reply-Message = "Authenticated"...and then checking %R{Reply-Message} in check_attr_query but it looks like %R{} isn't available in check_attr_query and also only one "Auth-Type" is allowed - any subsequent Auth-Type entries pass regardless of what they are. (If I reverse the order of the two DEFAULT entries above, all authentication fails except with a matching username/password)
Is there any easy way around the above problems?
Thanks.
_______________________________________________ Help-gnu-radius mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnu-radius
