Quick update. Although the radius server no longer accepts blank passwords, i now have a problem where users who belong to groups which are not allowed to access nas devices in certain huntgroups can now do so. Any ideas?
On Thu, Jan 21, 2010 at 7:14 PM, Satyam Mathura <satz...@gmail.com> wrote: > The reason i had those configs was because they were outlined as steps to > reject authentication by default in the guide i was using. > > http://wiki.freeradius.org/SQL_Huntgroup_HOWTO > > "Note: If you want to reject authentication by default then edit the > raddb/users file and add this: > > DEFAULT Auth-Type := Reject > > Then add Auth-Type Accept with := as op in radgroupcheck for each group" > > > I've commented out the DEFAULT Auth-Type := Reject in the users file > > and removed the Auth-Type := Accept from the radgroupcheck table and the > server no longer accepts a blank password. > > > Guide is incorrect or needs updating? > > Thanks for the help guys. > > > > > > > On Thu, Jan 21, 2010 at 6:58 PM, Bjørn Mork <bj...@mork.no> wrote: > >> Satyam Mathura <satz...@gmail.com> writes: >> >> > Line 204 in my users file is the following: >> > DEFAULT Auth-Type := Reject >> >> You don't want that. It removes the server's ability to figure it out >> by itself. >> >> >> > my radgroupcheck config: >> > +----+------------------+----------------+----+----------------+ >> > | id | groupname | attribute | op | value | >> > +----+------------------+----------------+----+----------------+ >> > | 5 | engineeringadmin | Huntgroup-Name | == | admin | >> > | 6 | engineeringadmin | Auth-Type | := | Accept | >> >> Why? This will make the server act as you describe: Any username in the >> engineeringadmin group will be accepted regardless of password. >> >> >> Bjørn >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html