Question: PPPoE-Server : Freeradius unlang accept after chap reject
This method is meant for ISPs that need to accept all PPPoE users even when the password is wrong, then assign the user to an IP class and use iptables to redirect this class to an HTML page telling the user the password is wrong.

1. Edit your /etc/freeradius/sites-enabled/default:

    authenticate {
        #
        #  PAP authentication, when a back-end database listed
        #  in the 'authorize' section supplies a password.  The
        #  password can be clear-text, or encrypted.
        Auth-Type PAP {
            pap
        }

        #
        #  Most people want CHAP authentication
        #  A back-end database listed in the 'authorize' section
        #  MUST supply a CLEAR TEXT password.  Encrypted passwords
        #  won't work.
        Auth-Type CHAP {
            #  Do not stop on a failed CHAP check; continue to the test below
            chap {
                reject = 1
            }
            if (reject) {
                #  Wrong password: hand out an address from the notice pool
                update reply {
                    Framed-IP-Address = "13.0.0.0+"
                    Framed-IP-Netmask = "255.255.255.0"
                }
                #  ... and accept the session anyway
                update control {
                    Auth-Type := "Accept"
                }
                ok
            }
        }
        #  ... (remaining Auth-Type entries unchanged)
    }
2. Restart freeradius and test.

By: EasyZone Date 6/9/2553 - 16:26:17
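The post leaves the iptables side out. As an added example (not part of the original post), this script prints a rule set that confines the 13.0.0.0/24 pool to the notice page: HTTP is redirected, DNS is allowed and everything else is dropped, so a session accepted with a wrong password gets no other access. The notice-server and resolver addresses (192.0.2.10, 192.0.2.53) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Pool 13.0.0.0/24 is the
# range handed out in the post; NOTICE and DNS addresses are constructed.

# Accept only digits, dots and "/" in the right shape, so nothing else
# can reach a generated iptables command. $2 = "cidr" requires a /prefix.
valid_addr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    if [ "$2" = cidr ]; then
        printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    else
        printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
    fi
}

# Print (do not apply) the rules for: pool, notice server, resolver.
# Order matters: allow DNS and the notice page, then drop the rest.
# -A appends, so an earlier FORWARD rule that accepts the pool would win.
walled_garden_rules() {
    pool=$1; notice=$2; dns=$3
    valid_addr "$pool" cidr && valid_addr "$notice" && valid_addr "$dns" || {
        echo "invalid address argument" >&2
        return 1
    }
    cat <<EOF
iptables -t nat -A PREROUTING -s $pool -p tcp --dport 80 -j DNAT --to-destination $notice:80
iptables -A FORWARD -s $pool -d $dns -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s $pool -d $notice -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -d $pool -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $pool -j DROP
EOF
}

# Review the output, then pipe it to "sh" as root on the PPPoE server.
walled_garden_rules 13.0.0.0/24 192.0.2.10 192.0.2.53
```

HTTPS requests from the pool are dropped rather than redirected, since a redirect would only produce certificate errors in the browser.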
Hi, I've found your article on http://old.nabble.com/-RESOLVED--customize-Post-Auth-Type-REJECT-td27173361.html and I'm trying to do something similar to your case. I want to reject users when they type wrong passwords, but I'd like to return a reply-message. Below is the code I've written and it isn't working:

    ...
    authenticate {
        ...
        Auth-Type CHAP {
            chap reject=1
        }
        ...
    }
    ...
    post-auth {
        ...
        Post-Auth-Type REJECT {
            attr_filter.access_reject
            sql
            if (reject) {
                update reply {
                    Reply-Message := "Rejected"
                }
            }
        }
    }
    ...

The output I got is:

    [chap] Password check failed
    ++[chap] returns reject
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> luizgustavo@wni.com.br
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    [sql] expand: %{User-Name} -> luizgustavo@wni.com.br
    [sql] sql_set_user escaped user --> 'luizgustavo@wni.com.br'
    [sql] expand: %{User-Password} ->
    [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-'Chap-Password'}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'luizgustavo@wni.com.br', 'Chap-Password', 'Access-Reject', '2010-01-20 10:52:13')
    rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'luizgustavo@wni.com.br', 'Chap-Password', 'Access-Reject', '2010-01-20 10:52:13')
    rlm_sql (sql): Reserving sql socket id: 1
    rlm_sql (sql): Released sql socket id: 1
    ++[sql] returns ok
    ++? if (reject)
    ? Evaluating (reject) -> FALSE
    ++? if (reject) -> FALSE
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 0
    Sending Access-Reject of id 11 to 192.168.0.101 port 54589

Could you please help by telling me what I am doing wrong? Thanks very much.

By: Luiz Scandelari Date 20/01/2553 - 20:11:33 187.7.139.74
    Auth-Type CHAP {
        chap {
            reject = 1
        }
        if (reject) {
            update reply {
                Reply-Message := "Rejected"
            }
        }
    }

By: EasyZone Date 21/01/2553 - 10:30:12 125.26.249.164.adsl.dynamic.totbb.net