IEA Software, Inc.

IEA Software Knowledge Base - ID:55352

IEA Knowledge base

RadiusNT (KB ID: 55352)

Dec 21 2004

I want to allow certain users to authenticate without having to enter a password, is this possible and how do I configure RadiusNT/X to allow this?

Dec 21 2004

Set the users password field to the special keyword 'ANY' -- doing this tells RadiusNT/X to allow the account to authenticate using any password. Note even though a password is not required some form of password attribute must be sent to RadiusNT/X. If the RADIUS client does not send any password information to RadiusNT/X the authentication will fail due to requirements of the RADIUS RFC. This is by design.

Customers using RadiusNT/X v5 can work around this by adding an Authentication Input filter to manually add a fake password attribute for incoming authentication requests.

Note the ANY keyword will not work for authentication methods which provide mutual authentication based on knowledge of the users password. Such methods include EAP-LEAP, MSCHAPv2, (P)EAP-MSCHAPv2. This is because the client requires proof of the servers identity and without it will not allow itself to access the server.