On Wed, Sep 05, 2012 at 09:53:49PM +0400, ZZ Wave wrote: > Help me please. Can't figure out how to authenticate my PBX calls only by > Calling-Station-Id attribute, without username. /etc/raddb/users is useless > here, right? > > Here's "radiusd -X > debug.txt" output: http://pastebin.com/LfB9NZvf
In the authorize section of my sites-avail/default configuration, I have code which updates the username before doing an sql module lookup. I suspect you could do something like that for your authorize section depending on where you store your user authentication information. If I am correct, I think it would look something like: (untested) authorize { if ( "%{User-Name}" =~ //) { #User-Name is empty update request { User-Name := "%{Calling-Station-Id}" } } preprocess chap mschapp digest ... unix files sql ldap ... } Maybe the update request stuff should go in modules/preprocess? I, personally, would probably leave it in authorize{} to have my local changes spread into as few files as possible. Then your user file or other backend could have Calling-Station-Id values as usernames and set "Auth-Type := Accept" to get around not having a password. In my MySQL database's radcheck table, that looks like: +--------+-------------------+-----------+----+--------+ | id | username | attribute | op | value | +--------+-------------------+-----------+----+--------+ | 284803 | test | Auth-Type | := | Accept | +--------+-------------------+-----------+----+--------+ -- Scott Lambert KC5MLE Unix SysAdmin lamb...@lambertfam.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html