Bug #2742

closed

freeradius2 lets you add users with username/passwd fields empty

Added by Peter Moreno over 11 years ago. Updated over 11 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 01/02/2013
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Hi.

I'm working with FreeRadius2/CP and I have seen that the GUI lets me add users with the username/passwd fields empty. It doesn't give me any error or warning. I added 2 users without issue. I tried to log in on my client side but it won't let me pass, which is good.

I'm sharing the screens where you can verify this info.

The log says this when you try to log in with username/passwd empty:

Auth: Login incorrect: [ / ] (from client cp port 3 cli :-::-:-:-)

Pfsense 2.0.2 i386

uname -a
FreeBSD pfsense gw 8.1-RELEASE-p13 FreeBSD 8.1-RELEASE-p13 #1: Fri Dec 7 16:55:26 EST 2012 root@snapshots-8_1-i386.builders.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8 i386


Files

pfsense-bug-fr2.JPG (19.7 KB) - FR Userlist - Peter Moreno, 01/02/2013 02:09 AM
pfsense-bug-fr2-console.JPG (8.79 KB) - Pfsense Freeradius users file - Peter Moreno, 01/02/2013 02:09 AM
Actions #1

Updated by Alexander Wilke over 11 years ago

It's not a bug - it's a feature ;-)

I disabled the check that username/password fields are necessary to create a user a very long time ago. There could be scenarios in which someone would just add something like this:

DEFAULT Service-Type == Framed-User, Framed-Protocol == PPP
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Fall-Through = Yes

This could be done with the fields below named "Check-Items" and "Reply-Items".
I had someone who needed this to use the users file and then check against an LDAP group.
Or it could be used to allow access for users who authenticate through a NAS which has a special IP. So you are able to allow all users to authenticate if they use the NAS with IP 192.168.10.1. Other users who authenticate through another NAS with a different IP you can reject or do something else with.

Hope this was useful.
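
Because the GUI accepts entries without a username or password, an administrator may want to review what ends up in the users file. The following is an added example, not part of the original thread or the package's code: a small Python audit that parses users-file entries (name plus check items, indented reply items) and reports empty usernames, empty passwords, and entries accepted without a password check. It assumes an empty username is written as `""`, and the `Auth-Type := Accept` rule for the NAS at 192.168.10.1 is a constructed illustration of the scenario described above.

```python
import re

# Check attributes that make FreeRADIUS compare a password for the entry.
PASSWORD_ATTRS = {"Cleartext-Password", "User-Password", "Crypt-Password",
                  "MD5-Password", "SHA-Password", "SSHA-Password", "NT-Password"}
ENTRY = re.compile(r'^("([^"]*)"|\S+)\s*(.*)$')
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=~|!~|<=|>=|=|<|>)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Split a users file into entries: name, check items, reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                      # indented: reply items
            if entries:
                entries[-1]["reply"] += ITEM.findall(line)
            continue
        m = ENTRY.match(line)                     # unindented: name + check items
        name = m.group(1) if m.group(2) is None else m.group(2)
        entries.append({"name": name, "check": ITEM.findall(m.group(3)), "reply": []})
    return entries

def audit(text):
    """Return (username, finding) pairs that deserve a manual review."""
    findings = []
    for e in parse_users(text):
        check = {attr: val.strip('"') for attr, _op, val in e["check"]}
        passwords = [v for a, v in check.items() if a in PASSWORD_ATTRS]
        if e["name"] == "":
            findings.append((e["name"], "empty username"))
        if "" in passwords:
            findings.append((e["name"], "empty password"))
        if check.get("Auth-Type") == "Accept" and not passwords:
            findings.append((e["name"], "accepted without a password check"))
    return findings

# Constructed sample, not taken from the reporter's system.
# Assumption: the GUI writes an empty username as "".
SAMPLE = '''\
"alice" Cleartext-Password := "constructed-secret"
\tFramed-Protocol = PPP
"" Cleartext-Password := ""
DEFAULT Service-Type == Framed-User, Framed-Protocol == PPP
\tService-Type = Framed-User,
\tFramed-Protocol = PPP,
\tFall-Through = Yes
DEFAULT NAS-IP-Address == 192.168.10.1, Auth-Type := Accept
'''

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name!r}: {finding}")
```

The `DEFAULT` entry with `Fall-Through = Yes` is not reported, since it only sets reply attributes and leaves the authentication decision to later entries.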

Actions #2

Updated by Chris Buechler over 11 years ago

  • Status changed from New to Rejected