Hi,
I am running freeradius 0.9.3 on redhat 9.0. Our radius servers
are used primarily for proxying to other ISP's radius servers.
I have one customer who would like to be able to authenticate using
realm and the NAS-IP address only. If the realm and NAS-IP
address match then an access-accept will be sent back along
with one vendor specific attribute.
So basically I want radius to ignore the username and password
and check the realm and NAS-IP address only (or possibly another check item)
The end users client software does pass username in the form of
[EMAIL PROTECTED] along with password, NAS-IP, dialer-digits etc.
I have created the following entry in my user file:
DEFAULT Realm = = "myisp.com", NAS-IP-Address="xxx.xxx.xxx.xxx"
vendor-specific-attribute=1,
Fall-Through = Yes
and the following entry in my proxy.conf
realm myisp.com {
type = radius
authhost = LOCAL
accthost = LOCAL
nostrip
}
When I use something like NTRadping, I get access-reject with the reply
item being correct
and in the radius logs, I get:
Auth: Login incorrect: [EMAIL PROTECTED]/asdfasd] (from client mytest port
0)
Questions:
1. Regardless of whether this is a good idea or not, can radius be
configured to do this?
2. If so, how?
Thanks,
Dave
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
