Re: (RADIATOR) 2 questions about Radiator : fall-over solution and best AuthBy between SYSTEM and UNIX ?

Gildas PERROT Mon, 28 Feb 2000 11:02:03 -0800
Hi,

Since I have no answer with Hugh, I am posting my question to the list. Thanks 
in advance for your help.

I am not sure I was clear enough so here is my config as suggested by Hugh :

 # Authentification avec fichier users
<AuthBy SYSTEM>
        Identifier CheckSystem
 #       UseGetspnam (not necessary on FreeBSD)
</AuthBy>

<AuthBy FILE>
        Identifier CheckUser
        Filename %D/users
        AddToReplyIfNotExist Service-Type=Framed-User,\
        Framed-Protocol=PPP,\
        Framed-Netmask = 255.255.255.0,\
        Framed-Routing = None,\
        Framed-MTU = 1500,\
        Ascend-Idle-Limit = 600
</AuthBy>

 # Utilisateurs locaux
<Realm>
        AuthByPolicy ContinueWhileAccept
        AuthBy CheckUser
        AuthBy CheckSystem
</Realm>                                                        

This config doesn't work for what I want :

- I want users to be authenticated only by their login in users file (without 
any check or reply items) with default reply items returned when 
authenticated, and their password in shadow passwd file.
- in the same time, I want some users whose check and reply items are defined 
in users file to be authenticated. Their password are in users file, not in 
shadow passwd file.

For the moment, for a user for who I have the users entry :

p50bva          Password = "password"
...

I have : 

Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthFILE
Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE looks for match with p50bva
Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE ACCEPT:
Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthSYSTEM
Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthSYSTEM looks for match with p50bva
Tue Feb 22 18:20:11 2000: INFO: Access rejected for p50bva: No such user

Any idea about the problem ?
Thanks in advance for your help.                        Gildas

> Salut Hugues,
> 
> Décidemment, je ne te lâche pas. C'est presque bon mais...
> 
> > Salut Gildas -
> > 
> > On Fri, 18 Feb 2000, you wrote:
> > > 
> > > What I want is to have Auth = System for nearly every users without having to 
> > > put Auth = System in the users file but just the login.
> > > 
> > > > Either way is possible - let me know which you want to do.
> > > > 
> > 
> > OK - encore une fois - on y est presque .....
> > 
> > # configuration for FranceNet.fr
> > 
> > # define an AuthBy SYSTEM to check passwords
> >     
> > <AuthBy SYSTEM>
> >     Identifier CheckSystem
> >     UseGetspnam
> > </AuthBy>
> > 
> > # define an AuthBy FILE with defaults
> > 
> > <AuthBy FILE>
> >     Identifier CheckUser
> >     Filename %D/users
> >     AddToReplyIfNotExist Service-Type = Framed-User, \
> >                     Framed-Protocol = PPP, \
> >                     Framed-IP-Address = 193.149.106.4, \
> >                     Framed-IP-Netmask = 255.255.255.255, \
> >                     Framed-Routing = None, \
> >                     Framed-MTU = 1500, \
> >                     Ascend-Idle-Limit = 600       
> > </AuthBy>
> > 
> > # now define your normal Realms or Handlers
> > 
> > <Realm ....>
> >     AuthByPolicy ContinueWhileAccept
> >     AuthBy CheckUser
> >     AuthBy CheckSystem
> > </Realm>
> > 
> > ....
> > 
> > 
> > # file %D/users
> > 
> > p50fr        
> > 
> > ....
> > 
> > 
> > So - now the AuthBy FILE checks the users file first to pick up the
> > reply attributes, then the AuthBy SYSTEM checks the password. The AuthByPolicy
> > will ensure that both checks must be Accept for a user to log in.
> > 
> > Ca va comme ca? J'espere que oui, sinon ....
> 
> The users defined with their login in %D/users and in shadow passwd file are 
> authenticated BUT NOT users defined only in %D/users with :
> 
> login          Password = "password"
> ...
> 
> I got :
> 
> Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthFILE
> Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE looks for match with p50bva
> Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthSYSTEM
> Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthSYSTEM looks for match with p50bva
> Tue Feb 22 18:20:11 2000: INFO: Access rejected for p50bva: No such user
> 
> Désolé ;-)
> 
> Any idea about that ?         Thanks in advance.                      Gildas.
> -- 
> Gildas PERROT, [EMAIL PROTECTED]         __o
> FranceNet, 28 rue Desaix, 75015 Paris ---_ \<,_
> http://www.francenet.fr            ---- (_)/ (_)
> 
> 

-- 
Gildas PERROT, [EMAIL PROTECTED]         __o
FranceNet, 28 rue Desaix, 75015 Paris ---_ \<,_
http://www.francenet.fr            ---- (_)/ (_)

-- 
Gildas PERROT, [EMAIL PROTECTED]         __o
FranceNet, 28 rue Desaix, 75015 Paris ---_ \<,_
http://www.francenet.fr            ---- (_)/ (_)



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) 2 questions about Radiator : fall-over solution and best AuthBy between SYSTEM and UNIX ?

Reply via email to
