Hello all,

I've noticed that several people have been authenticated on my server
when the routers are not listed in the client list. How can this be? I
was under the impression from the documentation that if the router is
not listed, and no default is given, it should be immediately rejected.
Please advise. My radius config file is below with many routers removed
for brevity, and the secrets missing. The users that are calling in on
these routers are in the database, and are being accepted as they should
be. However, I thought that they should not be authenticated since their
routers are not in the config file.

Griff Hamlin, III


_________________________
#  Radiator configuration file

 Trace 3

# Directory where logfile and details file are
LogDir /var/adm/radacct

# Database directory. Should contain:
# users           The user database
# dictionary      The dictionary for your NAS
DbDir /etc/raddb

AuthPort 1645
AcctPort 1646

# Global parameters
LivingstonOffs 22
LivingstonHole 1

# Handle all users from all other realms by looking them up
# in the users file at /etc/raddb/users.
<Handler>
  RewriteUsername s/^([^@]+).*/$1/
  <AuthBy GROUP>
    AuthByPolicy ContinueUntilAccept
    <AuthBy QuikRadAcct>
      # authorize by the module AuthQuikRadAcct.pm
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.1
      DefaultReply      Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Address = 10.10.10.10,\
Session-Timeout = 25,\
Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.2
      DefaultReply      Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Address = 10.10.10.10,\
Session-Timeout = 25,\
Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.3
      DefaultReply      Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Address = 10.10.10.10,\
Session-Timeout = 25,\
Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.4
      DefaultReply      Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Address = 10.10.10.10,\
Session-Timeout = 25,\
Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
     # This is primarily for test accounts not entered in Cheetah.
     Filename %D/users.head
    </AuthBy>
    <AuthBy QuikRad>
      # authorize by the module AuthQuikRad.pm
    </AuthBy>
  </AuthBy>
  # Log accounting to the detail file in LogDir/<client>
  AcctLogFileName  %L/%c/detail
# MaxSessions 1
</Handler>

# Allows us to honour requests from radpwtst on the same host.
<Client localhost>
  DupInterval 0
  Secret xx
</Client>

#63.169.132.243         O1 Communications proxy
<Client 63.169.132.243>
  Secret xx
</Client>

#63.169.132.244         O1 Communications proxy
<Client 63.169.132.244>
  Secret xx
</Client>

#63.169.132.245         O1 Communications proxy
<Client 63.169.132.245>
  Secret xx
</Client>

#63.169.132.248         O1 Communications proxy
<Client 63.169.132.248>
  Secret xx
</Client>

#63.169.132.249         O1 Communications proxy
<Client 63.169.132.249>
  Secret xx
</Client>

#64.114.5.254           Chilliwack 1
<Client 64.114.5.254>
  Secret xx
  NasType Livingston
  SNMPCommunity quik77
</Client>

#140.186.142.2          Boston 2
<Client 140.186.142.2>
  Secret xx
  NasType Livingston
  SNMPCommunity quik77
</Client>

#140.186.142.100        Boston Ascend
<Client 140.186.142.100>
  Secret xxx
  NasType Livingston
  SNMPCommunity quik77
</Client>



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
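
An added example, not part of the original message and not Radiator's own code: a small audit that reads the `<Client>` clauses from a configuration like the one posted and classifies requests against them. It assumes the usual RADIUS behaviour of selecting the client entry by the packet's source address rather than by the NAS-IP-Address attribute; the config excerpt, the request records and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed excerpt in the same shape as the posted configuration.
CONFIG = """\
<Client localhost>
  DupInterval 0
  Secret xx
</Client>
#63.169.132.243         O1 Communications proxy
<Client 63.169.132.243>
  Secret xx
</Client>
<Client 64.114.5.254>
  Secret xx
  NasType Livingston
</Client>
"""

# Constructed request records: (packet source address, NAS-IP-Address attribute).
REQUESTS = [
    ("64.114.5.254", "64.114.5.254"),   # listed NAS sending directly
    ("63.169.132.243", "192.0.2.10"),   # unlisted NAS relayed by a listed proxy
    ("192.0.2.10", "192.0.2.10"),       # unlisted NAS sending directly
]

CLIENT_RE = re.compile(r"^\s*<Client\s+([^>\s]+)\s*>", re.MULTILINE)
LOCAL = {"localhost": "127.0.0.1"}

def listed_clients(config_text):
    """Return the names used in <Client ...> clauses, skipping comment lines."""
    lines = [l for l in config_text.splitlines() if not l.lstrip().startswith("#")]
    return {LOCAL.get(n.lower(), n) for n in CLIENT_RE.findall("\n".join(lines))}

def audit(requests, clients):
    """Classify each request by how its source address relates to the client list."""
    results = []
    for src, nas in requests:
        if src in clients:
            ok = nas == src or nas in clients
            verdict = "listed" if ok else "unlisted-nas-via-listed-client"
        elif "DEFAULT" in clients:
            verdict = "default-client"
        else:
            verdict = "no-client-clause"
        results.append((src, nas, verdict))
    return results

if __name__ == "__main__":
    for row in audit(REQUESTS, listed_clients(CONFIG)):
        print("%-16s %-16s %s" % row)
```
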