There is a network where users are using PPPoE to establish connections to the Access servers. We have lost the billing system and users' DB. The only condition that we know is that 'Valid credential should be credential where username and password are the same value. (i.e. username: johnsmith, password: johnsmith)'.
We'd like to recover access to the Internet asap.
Setup that we have now: Ubuntu 2004, accel-ppp, freeradius3. Everything works fine but we have to add a record for each user to raddb/mods-config/files/authorize file.
# raddb/mods-config/files/authorize
user1 Cleartext-Password := "user1"
user2 Cleartext-Password := "user2"
userN Cleartext-Password := "userN"
Is that possible to avoid manually adding users? The script should verify credentials assuming that username and valid password are the same value.
Also, I tried:
# raddb/mods-config/files/authorize
DEFAULT Auth-Type := Accept
radtest -t mschap tqq tq 172.17.0.1 0 testing123 - Received Access-Accept but when trying to set up PPPoE on a Router or PC I get Authentication failed, incorrect username or password.
Appreciate any help.
freeradius-radius-1 | (11) Received Access-Request Id 1 from 192.168.192.1:49648 to 192.168.192.2:1812 length 178
freeradius-radius-1 | (11) User-Name = "q"
freeradius-radius-1 | (11) NAS-Identifier = "accel-ppp"
freeradius-radius-1 | (11) NAS-IP-Address = 172.17.0.1
freeradius-radius-1 | (11) NAS-Port-Type = Virtual
freeradius-radius-1 | (11) Service-Type = Framed-User
freeradius-radius-1 | (11) Framed-Protocol = PPP
freeradius-radius-1 | (11) Calling-Station-Id = "d8:47:32:c3:72:bd"
freeradius-radius-1 | (11) Called-Station-Id = "00:0c:29:fb:5d:8e"
freeradius-radius-1 | (11) MS-CHAP-Challenge = 0x57d2a52805a8b83f1c2241558e501549
freeradius-radius-1 | (11) MS-CHAP2-Response = 0x01002b3c2451214fb6e0583fb9972a49a56e00000000000000001ae496c046d6b776df57a8ba10ab82254b78878444ce0cb1
freeradius-radius-1 | (11) # Executing section authorize from file /etc/freeradius/sites-enabled/default
freeradius-radius-1 | (11) authorize {
freeradius-radius-1 | (11) policy filter_username {
freeradius-radius-1 | (11) if (&User-Name) {
freeradius-radius-1 | (11) if (&User-Name) -> TRUE
freeradius-radius-1 | (11) if (&User-Name) {
freeradius-radius-1 | (11) if (&User-Name =~ / /) {
freeradius-radius-1 | (11) if (&User-Name =~ / /) -> FALSE
freeradius-radius-1 | (11) if (&User-Name =~ /@[^@]*@/ ) {
freeradius-radius-1 | (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
freeradius-radius-1 | (11) if (&User-Name =~ /\.\./ ) {
freeradius-radius-1 | (11) if (&User-Name =~ /\.\./ ) -> FALSE
freeradius-radius-1 | (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
freeradius-radius-1 | (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
freeradius-radius-1 | (11) if (&User-Name =~ /\.$/) {
freeradius-radius-1 | (11) if (&User-Name =~ /\.$/) -> FALSE
freeradius-radius-1 | (11) if (&User-Name =~ /@\./) {
freeradius-radius-1 | (11) if (&User-Name =~ /@\./) -> FALSE
freeradius-radius-1 | (11) } # if (&User-Name) = notfound
freeradius-radius-1 | (11) } # policy filter_username = notfound
freeradius-radius-1 | (11) [preprocess] = ok
freeradius-radius-1 | (11) [chap] = noop
freeradius-radius-1 | (11) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
freeradius-radius-1 | (11) [mschap] = ok
freeradius-radius-1 | (11) [digest] = noop
freeradius-radius-1 | (11) suffix: Checking for suffix after "@"
freeradius-radius-1 | (11) suffix: No '@' in User-Name = "q", looking up realm NULL
freeradius-radius-1 | (11) suffix: No such realm "NULL"
freeradius-radius-1 | (11) [suffix] = noop
freeradius-radius-1 | (11) eap: No EAP-Message, not doing EAP
freeradius-radius-1 | (11) [eap] = noop
freeradius-radius-1 | (11) files: users: Matched entry DEFAULT at line 1
freeradius-radius-1 | (11) [files] = ok
freeradius-radius-1 | (11) [expiration] = noop
freeradius-radius-1 | (11) [logintime] = noop
freeradius-radius-1 | (11) pap: WARNING: Auth-Type already set. Not setting to PAP
freeradius-radius-1 | (11) [pap] = noop
freeradius-radius-1 | (11) } # authorize = ok
freeradius-radius-1 | (11) Found Auth-Type = Accept
freeradius-radius-1 | (11) Auth-Type = Accept, accepting the user
freeradius-radius-1 | (11) # Executing section post-auth from file /etc/freeradius/sites-enabled/default
freeradius-radius-1 | (11) post-auth {
freeradius-radius-1 | (11) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
freeradius-radius-1 | (11) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE
freeradius-radius-1 | (11) update {
freeradius-radius-1 | (11) No attributes updated for RHS &session-state:
freeradius-radius-1 | (11) } # update = noop
freeradius-radius-1 | (11) [exec] = noop
freeradius-radius-1 | (11) policy remove_reply_message_if_eap {
freeradius-radius-1 | (11) if (&reply:EAP-Message && &reply:Reply-Message) {
freeradius-radius-1 | (11) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
freeradius-radius-1 | (11) else {
freeradius-radius-1 | (11) [noop] = noop
freeradius-radius-1 | (11) } # else = noop
freeradius-radius-1 | (11) } # policy remove_reply_message_if_eap = noop
freeradius-radius-1 | (11) if (EAP-Key-Name && &reply:EAP-Session-Id) {
freeradius-radius-1 | (11) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE
freeradius-radius-1 | (11) } # post-auth = noop
freeradius-radius-1 | (11) Sent Access-Accept Id 1 from 192.168.192.2:1812 to 192.168.192.1:49648 length 32
freeradius-radius-1 | (11) Session-Timeout = 14400
freeradius-radius-1 | (11) Termination-Action = RADIUS-Request
freeradius-radius-1 | (11) Finished request
freeradius-radius-1 | Waking up in 1.9 seconds.
