Hello, I have such a problem:
1. radiusd.conf passwd admins { filename = .... format = "*User-Name:User-Password" } passwd groups { filename = .... format = "=Group-Name:*,User-Name" } authorize { preprocess chap mschap eap groups admins files } 2. "admins" looks like: zych:123qwe kowalski:qwerty 3. "group" looks like: admin:zych,kowalski 4. "users" (only begining): DEFAULT Group-Name == "admin", Auth-Type == Local Service-Type = NAS-Prompt-User, Login-Service = Telnet, Login-TCP-Port = Telnet, Fall-Through = No And it doesn't working ("users" not matching, not appending "Service-Type", so device doesn't authorize me... rad_recv: Access-Request packet from host x.x.x.x:1645, id=107, length=78 NAS-IP-Address = x.x.x.x NAS-Port = 66 NAS-Port-Type = Virtual User-Name = "zych" Calling-Station-Id = "x.x.x.x" User-Password = "123qwe" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 rlm_passwd: Added Group-Name: 'admin' to reply_items modcall[authorize]: module "groups" returns ok for request 1 rlm_passwd: Added User-Password: '123qwe' to config_items modcall[authorize]: module "admins" returns ok for request 1 modcall[authorize]: module "files" returns notfound for request 1 modcall: group authorize returns ok for request 1 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 107 to x.x.x.x:1645 Finished request 1 When I remove "Group-Name == "admin" from users, so begining looks: DEFAULT Auth-Type == Local Service-Type = NAS-Prompt-User, Login-Service = Telnet, Login-TCP-Port = Telnet, Fall-Through = No everything works OK, "files" matches, and device authorize me: rad_recv: Access-Request packet from host x.x.x.x:1645, id=116, length=78 NAS-IP-Address = x.x.x.x NAS-Port = 66 NAS-Port-Type = Virtual User-Name = "zych" Calling-Station-Id = "x.x.x.x" User-Password = "123qwe" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 rlm_passwd: Added Group-Name: 'admin' to reply_items modcall[authorize]: module "groups" returns ok for request 0 rlm_passwd: Added User-Password: '123qwe' to config_items modcall[authorize]: module "admins" returns ok for request 0 users: Matched entry DEFAULT at line 2 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 116 to 192.168.192.252:1645 Service-Type = NAS-Prompt-User Login-Service = Telnet Login-TCP-Port = Telnet Finished request 0 How to match users authorized from "passwd" module? My idea is simple: I want to have separate "passwd" files for different users groups, with only "username:password". Any help, please? -- Zbigniew Zych - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html