On Fri, 7 Jan 2005, Dustin Doris wrote:

Maybe you can do groups.  For example, set up an unlimited group
and a read_only group.  Then put the users into the appropriate group.

Have your users file say something like:

DEFAULT  Huntgroup-Name == Juniper, Group == "unlimited"
        Juniper-Local-User-Name = "UNLIMITED"

DEFAULT Huntgroup-Name == Juniper, Group == "read_only"
        Juniper-Local-User-Name = "READ_ONLY"

This seems like the answer, but I am again being stupid and must be missing something. When I try to log in now, I get authenticated, but the Attributes never get sent back. Here is what I have defined:
----------------------------------------------------------------
DEFAULT Group == "J-UNRESTRICTED", Huntgroup-Name == JUNIPER
        Juniper-Local-User-Name = "UNRESTRICTED",
        Fall-Through = Yes


DEFAULT Group == "R-UNRESTRICTED", Huntgroup-Name == RIVERSTONE
       Riverstone-User-Level = 15,
        Fall-Through = Yes

jfeger  Auth-Type = System
       Group = "J-UNRESTRICTED"

--------------------------------------------------------------------

In the huntgroups file:
JUNIPER         NAS-IP-Address == x.x.x.x (I took the IP out in this email)

--------------------------------------------------------------------

So, when I ssh to the IP of the NAS box and attempt to log in, I get authenticated, but none of the attributes are sent back:


rlm_realm: No '@' in User-Name = "jfeger", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched jfeger at 34
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [jfeger] (from client bb-stlc.jp-01 port 0)
Sending Access-Accept of id 10 to X.X.X.X:2315
Finished request 0


So, what am I missing, or have out of sequence?
I have tried taking Fall-Through off, I have tried putting the Huntgroup before the Group, etc.


Thanks,
James
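
The debug output in the message above can be summarised mechanically to see which users-file entries matched and whether any reply attributes were attached to the Access-Accept. This is an added example, not part of the original message or of FreeRADIUS; `summarize` and `diagnose` are hypothetical names. It assumes the log line formats shown in the message, that a matching DEFAULT entry would log its own `users: Matched DEFAULT at N` line, and that reply attributes would appear as `Name = value` lines directly after the `Sending Access-...` line.

```python
import re
# Debug output copied from the message above (NAS address already redacted there).
DEBUG = """\
rlm_realm: No '@' in User-Name = "jfeger", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched jfeger at 34
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [jfeger] (from client bb-stlc.jp-01 port 0)
Sending Access-Accept of id 10 to X.X.X.X:2315
Finished request 0
"""

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
MATCHED = re.compile(r'users: Matched (\S+) at (\d+)')

def summarize(debug):  # -> modules per section, matched entries, reply lines
    modules, matched, reply, in_reply = {}, [], [], False
    for line in debug.splitlines():
        s = line.strip()
        if m := MODCALL.search(s):
            modules.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        if m := MATCHED.search(s):
            matched.append((m.group(1), int(m.group(2))))
        if s.startswith("Sending Access-"):
            in_reply = True          # attribute lines, if any, follow this one
        elif in_reply and " = " in s:
            reply.append(s)
        else:
            in_reply = False
    return {"modules": modules, "matched": matched, "reply": reply}

def diagnose(summary):
    findings = []
    if all(name != "DEFAULT" for name, _ in summary["matched"]):
        findings.append("no DEFAULT entry matched, so its reply items were never added")
    if not summary["reply"]:
        findings.append("Access-Accept was sent with no reply attributes")
    return findings

print(diagnose(summarize(DEBUG)))
```

For this log the only matched entry is `jfeger` at line 34, so the next thing to look at is why the check items on the two DEFAULT lines did not evaluate true for this request.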


