Hi everyone,

I have encountered a strange problem lately, and I don't know how to manage it. Here is what happens:

I have users defined in /etc/passwd and /etc/shadow; additionally, there is a mirror in the radius users file, as follows (OS is the Sun OS 7).

/etc/passwd

    aloboda:x:1001:101:Adam Loboda, Admin., inz. eks., IZO, Warszawa:/export/home/aloboda:/bin/sh

/etc/shadow

    aloboda:M/xTQF/Kys9Rg:::::::

Additionally, there is the /etc/group file:

    warszawa::104:aloboda,grzes,mariusz,zbyszek,szczepan,pgrubek,mirek,michal,muki,chabrosj,goral,wosik,krisbo,daniel,daras,mariuszc,marior,mchorazy,marcinsw,starcu,backup,ania,pawlo,darek,kania,kobe,hania,dagma,kasiar,elan,mgudzak,kasiac,rafal,marekk,jkawka,mistar,pkowalcz,polpak,mkozak,wdrozenia,mariuszg
    katowice::105:kupkap,jacek,adam,mistela,opole_k,opole_m,backup,kamilaf,kkrystek,marekk,michalc,przemekz,mariuszw,rafald,robertp,marcins,irekp,piotro,teresap,saymon,ania,pawlo,darek,kania,kobe,hania,dagma,kasiar,elan,mgudzak,kasiac,rafal,katowice,jkawka,szczepan,polpak,aloboda,mkozak,wdrozenia
    lublin::111:jzuk,mkozak,mistar,tmalyska,jkusinsk,mmazur,pgrom,mtomczyk,backup,ania,pawlo,darek,kania,kobe,hania,dagma,kasiar,elan,mgudzak,kasiac,rafal,jkawka,aloboda,szczepan,marekk,mkozak,wdrozenia
    krakow::113:bolekg,irzenski,andrew,backup,ania,pawlo,darek,kania,kobe,hania,dagma,kasiar,elan,mgudzak,kasiac,rafal,jkawka,szczepan,polpak,aloboda,marekk,mkozak,wdrozenia,michalc,marekk
    cpd::114:jbanas,pioboche,pignaczak,kolasae,myrtap,mpaudyn,aloboda
    test::117:aloboda

In the radius 'users' file I have declared:

    # Adam Loboda
    aloboda Auth-Type := System, Huntgroup-Name == "gdansk"
            Service-Type = Shell-User,
            cisco-avpair = "shell:priv-lvl=15"

    aloboda Auth-Type := System, Huntgroup-Name == "warszawa"
            Service-Type = Shell-User,
            cisco-avpair = "shell:priv-lvl=7"

    aloboda Auth-Type := System, Huntgroup-Name == "lublin"
            Service-Type = Shell-User,
            cisco-avpair = "shell:priv-lvl=1"

so that user 'aloboda' could log in to a few NASes in different huntgroups with different Cisco privilege levels (notice the cisco-avpairs).

But regardless of that definition, RADIUS always takes into consideration only the definition of the group from /etc/group (I don't want it to do that); it ignores the user's 'Huntgroup-Name' condition if the user is not placed in the proper group in the /etc/group file. As a result, the user 'aloboda' cannot log in to a NAS from the huntgroup called 'gdansk', because he is not assigned to this group in the /etc/group file. It receives a huntgroup reject.

How can I configure RADIUS to authenticate users against unix files (Auth-Type := System) and ignore the /etc/group definitions?

Please HELP
> Adam Loboda
> Polish TELCO