On Fri, 7 Jan 2005, Dustin Doris wrote:
Maybe you can do groups. For example, set up an unlimited group and a read_only group. Then put the users into the appropriate group.
Have your users file say something like:
DEFAULT Huntgroup-Name == Juniper, Group == "unlimited"
        Juniper-Local-User-Name = "UNLIMITED"
DEFAULT Huntgroup-Name == Juniper, Group == "read_only"
        Juniper-Local-User-Name = "READ_ONLY"
This seems like the answer, but I am again being stupid and must be missing something. When I try to login now, I get authenticated, but the Attributes never get sent back. Here is what I have defined:
----------------------------------------------------------------
DEFAULT Group == "J-UNRESTRICTED", Huntgroup-Name == JUNIPER
        Juniper-Local-User-Name = "UNRESTRICTED",
        Fall-Through = Yes

DEFAULT Group == "R-UNRESTRICTED", Huntgroup-Name == RIVERSTONE
        Riverstone-User-Level = 15,
        Fall-Through = Yes

jfeger Auth-Type = System Group = "J-UNRESTRICTED"
--------------------------------------------------------------------
In the huntgroups file: JUNIPER NAS-IP-Address == x.x.x.x (I took the IP out in this email)
--------------------------------------------------------------------
So, when I ssh to the IP of the NAS box and attempt to login, I get authenticated, but none of the attributes are sent back:
rlm_realm: No '@' in User-Name = "jfeger", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched jfeger at 34
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [jfeger] (from client bb-stlc.jp-01 port 0)
Sending Access-Accept of id 10 to X.X.X.X:2315
Finished request 0
So, what am I missing, or have out of sequence?
I have tried taking Fall-Through off, I have tried putting the Huntgroup before the Group....etc...
Thanks, James