Ok so Accept doesn't work for MS-CHAP. And I know I can grab the rejected usernames and drop them into the DB so the next time they try to auth it works.
I did want to try and avoid rejecting the users and them getting fed up. Someone did mention to me that you can auth a NAS so any auth requests coming from that NAS will be authenticated. Is this right? John > -----Original Message----- > From: freeradius-users- > [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] On Behalf Of > Peter Nixon > Sent: 03 October 2006 17:42 > To: FreeRadius users mailing list > Subject: Re: Accepting any login attempt > > On Tue 03 Oct 2006 18:45, William wrote: > > On Tuesday 03 October 2006 09:18, John Williams wrote: > > > I need our radius servers to accept any login attempt regardless of > what > > > the username is or the password. > > > > > > Is there a way of doing this? > > > > Yes. You can set a line in your users file like this: > > > > DEFAULT Auth-Type := Accept > > > > If you also have in your radius.conf file: > > > > log_auth = yes > > log_auth_badpass = yes > > log_auth_goodpass = yes > > > > Then you should be able to collect the passwords sent to you if you use > PAP > > authentication, from your $ACCOUNTING_PATH/radius.log file. > > > > Since all users will be able to connect, any user/password will work. > > You will get a lot of bogus ones, but those are easy enough to weed > out.. > > > > We used this to collect passwords from our users without having to > > re-contact them when we had a major failure (Still using system password > > files for authentication for some connection). Took about a week and we > > had 90% of our users and passwords figured out. > > Even better you can do something like the following: > > post-auth { > Post-Auth-Type REJECT { > # Log rejects into database > sql > } > } > > We use this to log failed auths directly into sql. I believe you should be > able to do the same thing for ACCEPT :-) > > Note: It uses the "postauth_query" in the sql config file... > > Cheers > > -- > > Peter Nixon > http://www.peternixon.net/ > PGP Key: http://www.peternixon.net/public.asc > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.0.407 / Virus Database: 268.12.12/462 - Release Date: > 03/10/2006 > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.0.407 / Virus Database: 268.12.13/463 - Release Date: 04/10/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html