On Thu, 2004-01-08 at 16:48, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > Given that, I assume then that it is then not possible to create a
> > default 'users' file entry which will allow *any* user through if we
> > insist on using MS-CHAPv2?
>
> Auth-Type := Accept
>
> Will allow the user through, without password checking.
>
No it doesn't - I tried that after reading the FAQ. If I use just:
jhornex Auth-Type := Accept
then radiusd complains that no MSCHAP password has been supplied:
auth: type "MS-CHAP"
modcall: entering group authenticate for request 0
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: No LM-Password or NT-Password attribute found. Cannot
perform MS-CHAP authentication.
modcall[authenticate]: module "mschap" returns fail for request 0
modcall: group authenticate returns fail for request 0
auth: Failed to validate the user.
If I enter a User-Password attribute:
jhornex Auth-Type := Accept, User-Password == "anything"
then, because I can't use the '!=', '!~' operators I have to let every
user know what the password is.
Either way, use of Accept and MS-CHAP seems to still go through the
password checking.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
