Hi all, I apologize in advance if this question has been answered previously but I have searched extensively and cannot find discussion of this particular topic.
What I am wanting to set up, at least initially, is a WPA2 enterprise (802.11i) wireless access point that will authorize ANY user (accept all credentials/username-password combinations) and thereby provide encrypted wireless access as well as confirmation of the access point's identity, but not restrict which users can connect.

I have the system/network/freeradius server running and authentication works if a specific username and password is supplied (e.g. 'testuser Cleartext-Password := "testpass"' in the users file will allow username 'testuser' with password 'testpass' to connect) or with any username and a specific password (e.g. 'DEFAULT Cleartext-Password := "testpass"' in the users file will allow any username that provides the password 'testpass' to connect). However, I have tried various options and cannot find a way to achieve my goal of any username with any password being accepted.

I have not yet attempted to set up a database and modify SQL queries to always return true or perform the equivalent with shell scripts, as it seems that a simple, single line in the users file should be able to do the job. (With only a little research done it appears that both the SQL and shell script options would be possible [would they?] but both seem unnecessarily complex for this.)

Some options I have tried in the users file are:

DEFAULT Cleartext-Password := "testpass" # works for any username and the password "testpass"

DEFAULT User-Password := "testpass" # as above (and as expected) works for any username with the password "testpass"

DEFAULT Cleartext-Password =* "testpass" # doesn't work, trying to accept any password; from the users man page "Attribute =* Value As a check item, it matches if the request contains the named attribute, no matter what the value is." ==> request doesn't contain the named attribute 'Cleartext-Password'?!

DEFAULT Cleartext-Password !~ /1mp0ss1ble/ # doesn't work - in the hope of accepting if password provided is NOT "1mp0ss1ble"; "Attribute !~ Expression As a check item, it matches if the request contains an attribute which does not match the given regular expression."

DEFAULT Cleartext-Password =~ /.*/ # doesn't work - in the hope of accepting any user if any password is provided; "Attribute =~ Expression As a check item, it matches if the request contains an attribute which matches the given regular expression."

DEFAULT Cleartext-Password > "" # doesn't work - in the hope that ANY password would be > ""; "Attribute > Value As a check item, it matches if the request contains an attribute with a value greater than the one given."

For what it's worth, the users manpage to which I refer is http://freeradius.org/radiusd/man/users.html#lbAE.

I have also tried "DEFAULT Auth-Type := Accept" [despite having read in advance that this shouldn't work - indeed it doesn't/didn't!]

This problem is (apparently) not related to certificates or Windows XP not working (as appears to be the most commonly encountered problem around this topic - I am not using Windows). The setup DOES work with any username as long as a password is explicitly specified in the users file.

Some keywords to aid others who might search for the same topic in future: wildcard password, regex password, regular expression

And yes, I am new to and inexperienced with RADIUS, so please be gentle. And yes, I expect I am missing something very simple - a config setting somewhere? I hope this is as trivial a problem as I expect it to be and someone out there will smile at my naivety and know the solution I'm looking for.

Thanks in advance.

Toby.