On Wed, Sep 05, 2012 at 09:53:49PM +0400, ZZ Wave wrote:
> Help me please. Can't figure out how to authenticate my PBX calls only by
> Calling-Station-Id attribute, without username. /etc/raddb/users is useless
> here, right?
> 
> Here's "radiusd -X > debug.txt" output: http://pastebin.com/LfB9NZvf

In the authorize section of my sites-avail/default configuration,
I have code which updates the username before doing an sql module
lookup.

I suspect you could do something like that for your authorize section
depending on where you store your user authentication information.
If I am correct, I think it would look something like: (untested)


authorize {
        if (!User-Name || "%{User-Name}" == "") {  # User-Name is missing or empty
            update request {
              User-Name := "%{Calling-Station-Id}"
            } 
        }

        preprocess
        chap
        mschap
        digest
        ...
        unix
        files
        sql
        ldap
        ...

}

Maybe the update request stuff should go in modules/preprocess?  I,
personally, would probably leave it in authorize{} to have my local
changes spread into as few files as possible.

Then your user file or other backend could have Calling-Station-Id
values as usernames and set "Auth-Type := Accept" to get around not
having a password.

In my MySQL database's radcheck table, that looks like:

+--------+-------------------+-----------+----+--------+
| id     | username          | attribute | op | value  |
+--------+-------------------+-----------+----+--------+
| 284803 | test              | Auth-Type | := | Accept |
+--------+-------------------+-----------+----+--------+


-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lamb...@lambertfam.org
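Added example (not part of the original message and not FreeRADIUS code): a Python model of the approach described above, run against an in-memory SQLite copy of the radcheck layout. It shows which requests end up accepted on Calling-Station-Id alone and lists every username with a forced Accept; the rows, phone numbers and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows in the radcheck layout shown above
# (username, attribute, op, value). The numbers and "alice" are made up.
SAMPLE_ROWS = [
    ("test", "Auth-Type", ":=", "Accept"),
    ("74955550100", "Auth-Type", ":=", "Accept"),
    ("alice", "Cleartext-Password", ":=", "s3cret"),
]

def make_db(rows=SAMPLE_ROWS):
    """Build an in-memory table with the same columns as radcheck."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
                 " attribute TEXT, op TEXT, value TEXT)")
    conn.executemany("INSERT INTO radcheck (username, attribute, op, value)"
                     " VALUES (?, ?, ?, ?)", rows)
    return conn

def effective_username(request):
    """Model of the update block: use Calling-Station-Id only when
    User-Name is missing or empty; an existing User-Name is kept."""
    return request.get("User-Name") or request.get("Calling-Station-Id", "")

def accepted_without_password(conn, request):
    """True if radcheck forces Auth-Type := Accept for the effective name."""
    name = effective_username(request)
    if not name:
        return False
    row = conn.execute(
        "SELECT 1 FROM radcheck WHERE username = ? AND attribute = 'Auth-Type'"
        " AND op = ':=' AND value = 'Accept'", (name,)).fetchone()
    return row is not None

def forced_accept_usernames(conn):
    """Audit query: every username that is accepted on its name alone."""
    sql = ("SELECT DISTINCT username FROM radcheck"
           " WHERE attribute = 'Auth-Type' AND op = ':=' AND value = 'Accept'"
           " ORDER BY username")
    return [r[0] for r in conn.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    print(accepted_without_password(db, {"Calling-Station-Id": "74955550100"}))
    print(forced_accept_usernames(db))
```

The SELECT in forced_accept_usernames is plain SQL and can be run unchanged against a MySQL radcheck table to review which names are accepted without a password.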