Question: PPPoE-Server : Freeradius sql login with any user/password or noauth
This method explains how to allow all users to log in with any username/password with freeradius sql.
I set this up on Ubuntu 9.04 server i386 with Freeradius 2.1.0, ppp 2.4.5 and rp-pppoe 3.10 in kernel mode.
Method
1. Edit your /etc/freeradius/sql.conf (I use the old sql.conf from freeradius 1.1.7, so everything is contained in one file, sql.conf) at these lines:
#######################################################################
# Default profile
#######################################################################
# This is the default profile. It is found in SQL by group membership.
# That means that this profile must be a member of at least one group
# which will contain the corresponding check and reply items.
# This profile will be queried in the authorize section for every user.
# The point is to assign all users a default profile without having to
# manually add each one to a group that will contain the profile.
# The SQL module will also honor the User-Profile attribute. This
# attribute can be set anywhere in the authorize section (ie the users
# file). It is found exactly as the default profile is found.
# If it is set then it will *overwrite* the default profile setting.
# The idea is to select profiles based on checks on the incoming packets,
# not on user group membership. For example:
# -- users file --
# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
#
# By default the default_user_profile is not set
#
default_user_profile = "DEFAULT" #<=== uncomment this line.
#
#
# Determines if we will query the default_user_profile or the User-Profile
# if the user is not found. If the profile is found then we consider the user
# found. By default this is set to 'no'.
#
query_on_not_found = no #<=== uncomment this line.
2. Restart your freeradius.
If you need the user to get an accept reply from freeradius, add username DEFAULT to a groupname and add the reply data to table radgroupreply,
such as:
table usergroup: I use username DEFAULT, groupname 6, priority 1
table radgroupreply
Finished!!!
You can log in with any user you want.
For me, I set the DEFAULT group to IP class 13.0.0.0/24 and set iptables to redirect this class to a page that tells the client the user was not found.
Notice: if the user is not found in radcheck, freeradius sends you to the DEFAULT user and accepts the login.
If the user is found but the password is wrong, the login is denied.
By: EasyZone Date 6/9/2553 - 16:48:14
Add this to radcheckgroup to accept the default user:
6 Auth-Type := Accept
By: EasyZone Date 04/01/2553 - 11:44:37
I use the sql.conf of freeradius 1.7 on freeradius 2.1.0, so it is different. For freeradius 2.1.7 and up you may set it in /etc/freeradius/sql/mysql/dialup.conf
By: EasyZone Date 21/01/2553 - 20:30:31
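An added example, not part of the original posts or of FreeRADIUS: one way to audit the SQL tables for the accept-all setup described in this thread, reporting which groups force Auth-Type Accept, whether the DEFAULT profile is a member, and whether any reply items confine those sessions. Table and column names are assumed to follow the stock FreeRADIUS schema (usergroup, radgroupcheck, radgroupreply); the rows are constructed sample data and the function names are hypothetical.

```python
import sqlite3

# Constructed sample rows (not from the page); columns follow the stock
# FreeRADIUS schema. The thread calls the check table "radcheckgroup";
# the stock name radgroupcheck is assumed here.
SAMPLE = """
CREATE TABLE usergroup     (UserName TEXT, GroupName TEXT, priority INT);
CREATE TABLE radgroupcheck (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE radgroupreply (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
INSERT INTO usergroup VALUES ('DEFAULT', '6', 1), ('alice', 'staff', 1);
INSERT INTO radgroupcheck VALUES ('6', 'Auth-Type', ':=', 'Accept');
INSERT INTO radgroupcheck VALUES ('staff', 'Simultaneous-Use', ':=', '1');
INSERT INTO radgroupreply VALUES ('staff', 'Framed-Protocol', ':=', 'PPP');
"""

def audit_accept_groups(db, default_profile="DEFAULT"):
    """Return one finding per group whose check items force Auth-Type Accept."""
    findings = []
    groups = db.execute(
        "SELECT DISTINCT GroupName FROM radgroupcheck "
        "WHERE Attribute = 'Auth-Type' AND lower(Value) = 'accept'")
    for (group,) in groups.fetchall():
        members = [r[0] for r in db.execute(
            "SELECT UserName FROM usergroup WHERE GroupName = ? "
            "ORDER BY UserName", (group,))]
        replies = [r[0] for r in db.execute(
            "SELECT Attribute FROM radgroupreply WHERE GroupName = ? "
            "ORDER BY Attribute", (group,))]
        findings.append({
            "group": group,
            "members": members,
            # The default profile is applied to usernames missing from
            # radcheck, so its membership means unknown users are accepted.
            "any_username_accepted": default_profile in members,
            # No reply items: nothing in SQL confines these sessions.
            "unrestricted": not replies,
            "reply_attributes": replies,
        })
    return findings

def demo(extra_sql=""):
    """Load the constructed sample (plus optional extra rows) and audit it."""
    db = sqlite3.connect(":memory:")
    db.executescript(SAMPLE + extra_sql)
    return audit_accept_groups(db)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding with `any_username_accepted` and `unrestricted` both true is the case to review first: unknown usernames are accepted and no reply item in SQL limits what they receive.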