Re: [Fwd: rlm_passwd & realms]

Mon, 06 Jun 2005 06:15:01 -0700 

Alan or Kevin,

found this possible to be done with Autz-Type.

First, I have one passwd file which  should check the following things:

passwd edg_check {
           filename = /etc/freeradius/pass_check
           format = "*Realm:~NAS-IP-Address:Autz-Type"

       }
The name of this passwd I have put in authorize section. In the same section I have also created an Autz-Type, like follows: 

authorzie{
 preprocess
 mschap
 chap
 suffix
 edg_check
 Autz-Type mt {
    edg_pass
    edg_pass_group
 }
}

So the content of the 'edg_check' is 'mt:10.5.8.102:mt'.
Seems that somewhere is mistake caus' receiving in the debug screen the following information (pay attention to "rlm_passwd: *Unable to create Autz-Type: mt*". What could it mean?): 
.........................
rlm_realm: Looking up realm "mt" for User-Name = "[EMAIL PROTECTED]"
   rlm_realm: Found realm "mt"
   rlm_realm: Adding Stripped-User-Name = "edg"
   rlm_realm: Proxying request from user edg to realm mt
   rlm_realm: Adding Realm = "mt"
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 0
rlm_passwd: *Unable to create Autz-Type: mt*
rlm_passwd: Added NAS-IP-Address: '10.5.8.102' to request_items
 modcall[authorize]: module "edg_check" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user 
auth: Failed to validate the user.
Login incorrect: [edg/edg] (from client lalala port 0 cli 10.5.8.106)

Thanks a lot,

Edgars



Alan DeKok wrote:


Edgars <[EMAIL PROTECTED]> wrote:

i had a thought that I could make so that all my users would have an
access to different servers (realms) with possibility to have
different passwords. So, I have no idea how to make this except the
thought I wrote in one of my today e-mails (about if statement).


 It's hard, and it's problematic.  I would not recommend doing this.

 Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to