(RADIATOR) ContinueUntilIgnore

Kalev Nurklik Fri, 25 Jun 1999 07:56:09 -0700
Does this parameter work?
part of radius.cfg:

><Realm DEFAULT>
># first global GROUP not really needed but have tried without
># and for no avail
>      <AuthBy GROUP>
># Start of first GROUP for checking if users are defined in
># users file
>         <AuthBy GROUP>
># policy to stop trying if user is not found in users file
>#!! THIS IS THE PROBLEM PART
>            AuthByPolicy ContinueUntilIgnore
>            <AuthBy FILE>
>            </AuthBy>
># this AuthBy should work when user is found in users file
>            <AuthBy SYSTEM>
>               Identifier Blocked-PW
>               UseGetspnam
>               AddToReply Reply-Message="Using Blocked profile"
>            </AuthBy>
>         </AuthBy>
># end of first GROUP
>         <AuthBy GROUP>
># start of second GROUP should use default policy that's global
># these Authby clauses just select different user groups
>            <AuthBy FILE>
>               Filename %D/users.check
>            </AuthBy>
>            <AuthBy SYSTEM>
>               Identifier Site-PW
>               UseGetspnam
>               AddToReply Reply-Message="Using Site profile"
>            </AuthBy>
>            <AuthBy SYSTEM>
>               Identifier  Mailbox-PW
>               UseGetspnam
>               AddToReply Reply-Message="Using Mailbox profile"
>            </AuthBy>
>            <AuthBy SYSTEM>
>               Identifier Unix-PW
>               UseGetspnam
>            </AuthBy>
># end of second GROUP
>         </AuthBy>
># end of global GROUP
>      </AuthBy>
>      AcctLogFileName %L/%N/detail
></Realm>

in users file:

>kalevb          Auth-Type = Blocked-PW
>                Framed-IP-Address = 194.106.127.1

As I can understand from manual then "Ignore" should emerge when
AuthBy ignores a user e.g user isn't in the AuthBy clause user
database (flat file, relational-, system database, etc). Am I correct
or am I missing something?
Trace 4 for user kalev who is not in the users file and is in system
database eg. Solaris 2.7 shadow file and should be authenticated
with second AuthBy GROUP not within first GROUP
On the other hand user kalevb gets authenticated twice which
clearly shows that there is no Ignore or no action taken for ignore -
and Radiator takes another try with AuthBy SYSTEM...

>see attached file trace.txt

BTW manual states that "All AuthBy clauses understand the
following parameters:" and within these parameters is
AuthByPolicy. For AuthBy FILE I got this:

> ERR: Unknown keyword 'AuthByPolicy' in
> /usr/private/etc/raddb/radius.cfg line 77

regards,

__________________________________
Kalev Nurklik
MicroLink Online
Sakala 19, 10141 Tallinn, Estonia
Tel: +372 6 308 909
Fax: +372 6 308 901
E-mail: [EMAIL PROTECTED]
http://www.online.ee

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) ContinueUntilIgnore

Reply via email to
