Can freeradius bypass authentication for one realm only

authenticationfreeradiusfreeradius2

I have a question similar to this one, but without the VLAN complications. How can(?) I configure FreeRadius 1.x to allow any combination of username/password for one realm only?

If FreeRadius 1.x does not provide this ability, does the 2.x line do so? Does some other RADIUS server have this ability? If so, I could configure this realm to proxy to the ..more tolerant… RADIUS server.

Best Answer

I'm not sure about the RADIUS part, but rest should work.

From FreeRADIUS documentation, use PAM for this realm only, specify pam-auth type:

DEFAULT Huntgroup-Name ="somehunt", Auth-Type=PAM, Pam-Auth="radhunt", Simultaneous-Use=1

and then add radhunt file to /etc/pam.d/ with this contents:

auth    required        pam_permit.so
account required        pam_permit.so
session required        pam_permit.so

Related Solutions

Mysql – Monitor freeradius for failed login attempts and trigger email to user

You could try using perl in Post-Auth-Type REJECT

post-auth {
  # Login successful: get an address from the IP pool.
  ippool
  Post-Auth-Type REJECT {
   # Login failed
   perl
  }
}

references Freeradius FAQ, Post-Auth-Type docs, rlm_perl.

Centos – Freeradius authentication failed for unknown reason

I've always seen the Cleartext-Password attribute set, not Password, and using the := operator, not ==. Also, I believe that setting Auth-Type is almost always wrong, so I suggest that you remove that. Try the following in the database table:

username="test", attribute="Cleartext-Password", op=":=", value="test123"

Best Answer

Related Solutions

Mysql – Monitor freeradius for failed login attempts and trigger email to user

Centos – Freeradius authentication failed for unknown reason

Related Topic