Hello Bryn -

On Fri, 19 May 2000, Bryn Wm. Moslow wrote:
> I have a Livingston server (will be migrated to Radiator in the future)
> which rdist's the users file to a Radiator server (2.15). I've set up an
> "AuthBy UNIX" phrase with an Identifier of "System" for the "Auth-Type =
> System" entries in my Livingston users file:
> 
> <AuthBy UNIX>
>         Identifier System
>         Filename /etc/master.passwd
>         GroupFilename /etc/group
> </AuthBy>
> 
> I've also tried:
> 
> <AuthBy SYSTEM>
>         Identifier System
> </AuthBy>
> 
> in the same place.
> 
> 
> I have DEFAULT entries in the users file as follows:
> 
> DEFAULT Group = mailonly, Auth-Type = Reject
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Port-Limit = 1,
>         Session-Timeout = 30,
>         Idle-Timeout = 10
> 
> DEFAULT Prefix = "S", Auth-Type = System
>         Service-Type = Login-User,
>         Login-Service = Telnet,
>         Login-IP-Host = my.telnet.machine,
>         Idle-Timeout = 1200
> 
> DEFAULT NAS-Port-Type = Async, Auth-Type = System
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Port-Limit = 1,
>         Session-Timeout = 28800,
>         Idle-Timeout = 1200
> 
> 
> The corresponding Realm is:
> 
> <Realm DEFAULT>
>                 AuthByPolicy ContinueWhileReject
>                 <AuthBy FILE>
>                         Filename %D/users
>                 </AuthBy>
>                 <AuthBy RADIUS>
>                         Host my.livingston.radius.machine
>                         Secret mysecret
>                 </AuthBy>
>         # Log accounting to the detail file in LogDir
>         AcctLogFileName %L/pm-detail
>         WtmpFileName %L/pm-wtmp
> </Realm>
> 
> 
> I'm logging these messages:
> 
> Thu May 18 18:01:24 2000: WARNING: This AuthBy does not know how to
> check Group membership
> Thu May 18 18:01:25 2000: WARNING: This AuthBy does not know how to
> check Group membership
> Thu May 18 18:01:25 2000: WARNING: This AuthBy does not know how to
> check Group membership
> Thu May 18 18:01:25 2000: WARNING: This AuthBy does not know how to
> check Group membership
> 

Order is important in cascaded AuthBy's. The messages you are seeing are
because you have the Group check item *before* the Auth-Type =, which results
in it being checked by the first AuthBy FILE which of course doesn't know what
to do with it. Try reversing the order to pass the Group check to the AuthBy
UNIX/SYSTEM:

DEFAULT Auth-Type = System, Group = mailonly
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255,
        Port-Limit = 1,
        Session-Timeout = 30,
        Idle-Timeout = 10

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
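
An added example, not part of the original message or of Radiator: a small check that scans a users file in the format quoted above and reports entries whose Group check item comes before Auth-Type, the ordering the reply identifies as the cause of the warning. The sample entries are constructed, the parsing is a simplified assumption about the file format, and the function names are hypothetical.

```python
import re

# Constructed sample in the users-file format quoted in the thread.
SAMPLE_USERS = '''\
DEFAULT Group = mailonly, Auth-Type = Reject
        Service-Type = Framed-User,
        Idle-Timeout = 10

DEFAULT Prefix = "S", Auth-Type = System
        Service-Type = Login-User,
        Idle-Timeout = 1200

DEFAULT Auth-Type = System, Group = mailonly
        Service-Type = Framed-User,
        Session-Timeout = 30
'''

# One "Attribute = value" item; the value is a quoted string or a run without commas.
ITEM_RE = re.compile(r'\s*([A-Za-z0-9_-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^,]*)\s*(?:,|$)')

def parse_check_items(text):
    """Return [(attribute, value), ...] in file order for one check-item list."""
    items, pos = [], 0
    while pos < len(text):
        m = ITEM_RE.match(text, pos)
        if not m:
            break  # stop at anything that is not an attribute = value pair
        items.append((m.group(1), m.group(2).strip().strip('"')))
        pos = m.end()
    return items

def entries(users_text):
    """Yield (line_number, user_name, check_items) for each entry's first line."""
    for n, line in enumerate(users_text.splitlines(), 1):
        if not line.strip() or line[0].isspace() or line.startswith('#'):
            continue  # blank line, indented reply-item line, or comment
        parts = line.split(None, 1)
        yield n, parts[0], parse_check_items(parts[1] if len(parts) > 1 else '')

def group_before_auth_type(users_text):
    """Return (line, user, auth_type) for entries with Group ahead of Auth-Type."""
    findings = []
    for n, name, items in entries(users_text):
        attrs = [a.lower() for a, _ in items]
        if 'group' in attrs and 'auth-type' in attrs:
            g, a = attrs.index('group'), attrs.index('auth-type')
            if g < a:
                findings.append((n, name, items[a][1]))
    return findings

if __name__ == '__main__':
    for line_no, user, auth in group_before_auth_type(SAMPLE_USERS):
        print(f'line {line_no}: {user}: Group precedes Auth-Type = {auth}')
```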


