Hello,

I have the following problem:


1. radiusd.conf

   passwd admins {
     filename = ....
     format = "*User-Name:User-Password"
   }

   passwd groups {
     filename = ....
     format = "=Group-Name:*,User-Name"
   }


   authorize {
     preprocess
     chap
     mschap
     eap
     groups
     admins
     files
   }


2. "admins" looks like:

   zych:123qwe
   kowalski:qwerty



3. "group" looks like:

   admin:zych,kowalski



4. "users" (only the beginning):

   DEFAULT      Group-Name == "admin", Auth-Type == Local
                Service-Type = NAS-Prompt-User,
                Login-Service = Telnet,
                Login-TCP-Port = Telnet,
                Fall-Through = No


And it isn't working ("users" is not matching, not appending "Service-Type",
so the device doesn't authorize me)...


rad_recv: Access-Request packet from host x.x.x.x:1645, id=107, length=78       
        NAS-IP-Address = x.x.x.x
        NAS-Port = 66
        NAS-Port-Type = Virtual
        User-Name = "zych"
        Calling-Station-Id = "x.x.x.x"
        User-Password = "123qwe"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
rlm_passwd: Added Group-Name: 'admin' to reply_items
  modcall[authorize]: module "groups" returns ok for request 1
rlm_passwd: Added User-Password: '123qwe' to config_items
  modcall[authorize]: module "admins" returns ok for request 1
  modcall[authorize]: module "files" returns notfound for request 1
modcall: group authorize returns ok for request 1
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 107 to x.x.x.x:1645
Finished request 1



When I remove 'Group-Name == "admin"' from "users", so that the beginning looks like:

   DEFAULT      Auth-Type == Local
                Service-Type = NAS-Prompt-User,
                Login-Service = Telnet,
                Login-TCP-Port = Telnet,
                Fall-Through = No

everything works OK, "files" matches, and the device authorizes me:

rad_recv: Access-Request packet from host x.x.x.x:1645, id=116, length=78
        NAS-IP-Address = x.x.x.x
        NAS-Port = 66
        NAS-Port-Type = Virtual
        User-Name = "zych"
        Calling-Station-Id = "x.x.x.x"
        User-Password = "123qwe"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
rlm_passwd: Added Group-Name: 'admin' to reply_items 
  modcall[authorize]: module "groups" returns ok for request 0
rlm_passwd: Added User-Password: '123qwe' to config_items 
  modcall[authorize]: module "admins" returns ok for request 0
    users: Matched entry DEFAULT at line 2
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 116 to 192.168.192.252:1645
        Service-Type = NAS-Prompt-User
        Login-Service = Telnet
        Login-TCP-Port = Telnet
Finished request 0



How do I match users authorized from the "passwd" module?

My idea is simple: I want to have separate "passwd" files for different
 user groups, with only "username:password".

Any help, please?
-- 
Zbigniew Zych
