Hi, I am running freeradius 0.9.3 on redhat 9.0. Our radius servers are used primarily for proxying to other ISP's radius servers.
I have one customer who would like to be able to authenticate using realm and the NAS-IP address only. If the realm and NAS-IP address match then an access-accept will be sent back along with one vendor specific attribute. So basically I want radius to ignore the username and password and check the realm and NAS-IP address only (or possibly another check item) The end users client software does pass username in the form of [EMAIL PROTECTED] along with password, NAS-IP, dialer-digits etc. I have created the following entry in my user file: DEFAULT Realm = = "myisp.com", NAS-IP-Address="xxx.xxx.xxx.xxx" vendor-specific-attribute=1, Fall-Through = Yes and the following entry in my proxy.conf realm myisp.com { type = radius authhost = LOCAL accthost = LOCAL nostrip } When I use something like NTRadping, I get access-reject with the reply item being correct and in the radius logs, I get: Auth: Login incorrect: [EMAIL PROTECTED]/asdfasd] (from client mytest port 0) Questions: 1. Regardless of whether this is a good idea or not, can radius be configured to do this? 2. If so, how? Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html