At 08:21 PM 11/12/2002 -0600, Marcin Groszek wrote:
Version 0.7.1
I am using the default radius.config file and I experience a problem with
denying access to a group of users.
Normally I use a realm; hunt-groups work fine, port limit also works, but ....

When I send a request to the server with the realm, the server responds OK for a user
in the reject group,
but when I send the same request to the same server without the realm, the request is
rejected, as it should be.
The realms file is set up as LOCAL for my realm.
I include debug from auth.

rad_recv: Access-Request packet from host 127.0.0.1:1025, id=2, length=57
User-Name = "marcin"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "marcin"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
HASH: user marcin found in hashtable bucket 68338
HASH: matched user marcin in group users
users: Matched DEFAULT at 71
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Reject


rad_recv: Access-Request packet from host 127.0.0.1:1025, id=6, length=70
User-Name = "[EMAIL PROTECTED]"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm hostplus.net for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm hostplus.net
rlm_realm: Adding Stripped-User-Name = "marcin"
rlm_realm: Proxying request from user marcin to realm hostplus.net
rlm_realm: Adding Realm = "hostplus.net"
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System

This seems like a bug in the operation of the server. Assuming you
have an entry along the lines of:

DEFAULT Group == "reject", Auth-Type := Reject
        Fall-Through = No

You could try adding the realm to the check items in a second entry
such that you now have:

DEFAULT Group == "reject", Auth-Type := Reject
        Fall-Through = No

DEFAULT Group == "reject", Realm == "hostplus.net", Auth-Type := Reject
        Fall-Through = No

That may or may not work. I suspect the problem lies with the Group
lookup attempting to use 'User-Name' which I think will still contain
'[EMAIL PROTECTED]'. Can you include your realm entry for the realm?

-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
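The symptom in this thread (the same account getting `Auth-Type Reject` without a realm and `Auth-Type System` with one) can be checked for mechanically in server debug output. The following is an added example, not part of the original messages or of FreeRADIUS; the function names are hypothetical and the sample is built from the debug lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: the two requests from the debug output quoted above.
SAMPLE = '''\
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=2, length=57
User-Name = "marcin"
users: Matched DEFAULT at 71
rad_check_password: Found Auth-Type Reject
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=6, length=70
User-Name = "[EMAIL PROTECTED]"
rlm_realm: Adding Stripped-User-Name = "marcin"
rlm_realm: Adding Realm = "hostplus.net"
users: Matched DEFAULT at 152
rad_check_password: Found Auth-Type System
'''

PATTERNS = {
    "id": re.compile(r"^rad_recv: Access-Request .*\bid=(\d+)"),
    "user": re.compile(r'^User-Name = "(.*)"'),
    "stripped": re.compile(r'^rlm_realm: Adding Stripped-User-Name = "(.*)"'),
    "realm": re.compile(r'^rlm_realm: Adding Realm = "(.*)"'),
    "line": re.compile(r"^users: Matched \S+ at (\d+)"),
    "auth_type": re.compile(r"^rad_check_password: Found Auth-Type (\S+)"),
}

def parse_requests(text):
    """Split debug output into one dict per Access-Request."""
    requests = []
    for raw in text.splitlines():
        line = raw.strip()
        for key, rx in PATTERNS.items():
            m = rx.match(line)
            if m and key == "id":
                requests.append({"id": int(m.group(1))})  # new request starts
            elif m and requests:
                requests[-1][key] = m.group(1)
    return requests

def inconsistent_users(requests):
    """Return users whose Auth-Type differs between login name forms."""
    seen = defaultdict(dict)
    for r in requests:
        if "auth_type" not in r:
            continue
        # Compare on the realm-stripped name when the server produced one.
        name = r.get("stripped", r.get("user"))
        seen[name][r.get("realm", "NULL")] = (r["auth_type"], r.get("line"))
    return {u: d for u, d in seen.items()
            if len({a for a, _ in d.values()}) > 1}
```

Each flagged user maps realm to the Auth-Type found and the users-file line that matched, which points at the entry to review.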

