Hello Griff -

You are correct: if a Client clause does not catch a request, it should be 
rejected. An easy test is to dummy up some authentication requests with 
radpwtst and do some experiments. Use a trace 4 and check what is happening.

hth

Hugh

On Wednesday 21 March 2001 09:16, Griff Hamlin wrote:
> Hello all,
>
> I've noticed that several people have been authenticated on my server
> when the routers are not listed in the client list. How can this be? I
> was under the impression from the documentation that if the router is
> not listed, and no default is given, it should be immediately rejected.
> Please advise. My radius config file is below with many routers removed
> for brevity, and the secrets missing. The users that are calling in on
> these routers are in the database, and are being accepted as they should
> be. However, I thought that they should not be authenticated since their
> routers are not in the config file.
>
> Griff Hamlin, III
>
>
> _________________________
> #  Radiator configuration file
>
>  Trace 3
>
> # Directory where logfile and details file are
> LogDir /var/adm/radacct
>
> # Database directory. Should contain:
> # users           The user database
> # dictionary      The dictionary for your NAS
> DbDir /etc/raddb
>
> AuthPort 1645
> AcctPort 1646
>
> # Global parameters
> LivingstonOffs 22
> LivingstonHole 1
>
> # Handle all users from all other realms by looking them up
> # in the users file at /etc/raddb/users.
> <Handler>
>   RewriteUsername s/^([^@]+).*/$1/
>   <AuthBy GROUP>
>     AuthByPolicy ContinueUntilAccept
>     <AuthBy QuikRadAcct>
>       # authorize by the module AuthQuikRadAcct.pm
>     </AuthBy>
>     <AuthBy FILE>
>       Filename  %D/blkspam.1
>       DefaultReply      Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>     </AuthBy>
>     <AuthBy FILE>
>       Filename  %D/blkspam.2
>       DefaultReply      Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>     </AuthBy>
>     <AuthBy FILE>
>       Filename  %D/blkspam.3
>       DefaultReply      Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>     </AuthBy>
>     <AuthBy FILE>
>       Filename  %D/blkspam.4
>       DefaultReply      Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>     </AuthBy>
>     <AuthBy FILE>
>      # This is primarily for test accounts not entered in Cheetah.
>      Filename %D/users.head
>     </AuthBy>
>     <AuthBy QuikRad># authorize by the module AuthQuikRad.pm
>     </AuthBy>
>   </AuthBy>
>   # Log accounting to the detail file in LogDir/<client>
>   AcctLogFileName  %L/%c/detail
> # MaxSessions 1
> </Handler>
>
> # Allows us to honour requests from radpwtst on the same host.
> <Client localhost>
>   DupInterval 0
>   Secret xx
> </Client>
>
> #63.169.132.243         O1 Communications proxy
> <Client 63.169.132.243>
>   Secret xx
> </Client>
>
> #63.169.132.244         O1 Communications proxy
> <Client 63.169.132.244>
>   Secret xx
> </Client>
>
> #63.169.132.245         O1 Communications proxy
> <Client 63.169.132.245>
>   Secret xx
> </Client>
>
> #63.169.132.248         O1 Communications proxy
> <Client 63.169.132.248>
>   Secret xx
> </Client>
>
> #63.169.132.249         O1 Communications proxy
> <Client 63.169.132.249>
>   Secret xx
> </Client>
>
> #64.114.5.254           Chilliwack 1
> <Client 64.114.5.254>
>   Secret xx
>   NasType Livingston
>   SNMPCommunity quik77
> </Client>
>
> #140.186.142.2          Boston 2
> <Client 140.186.142.2>
>   Secret xx
>   NasType Livingston
>   SNMPCommunity quik77
> </Client>
>
> #140.186.142.100        Boston Ascend
> <Client 140.186.142.100>
>   Secret xxx
>   NasType Livingston
>   SNMPCommunity quik77
> </Client>
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
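
The check discussed in this thread, as an added example that is not part of either message and is not Radiator code: it lists the active `<Client>` clauses in a config and reports which packet source addresses no clause covers. A RADIUS server identifies its client by the source address of the packet, which for a proxied request is the proxy rather than the NAS. The sample config, the address 192.0.2.10 and the `hosts` map are constructed; only exact addresses, mapped hostnames and `<Client DEFAULT>` are modelled.

```python
import ipaddress
import re

# Constructed sample in the style of the quoted config (secrets are dummies).
SAMPLE_CONFIG = """\
<Client localhost>
  Secret xx
</Client>
# <Client 10.1.1.1>   commented out, must not count
<Client 64.114.5.254>
  Secret xx
  NasType Livingston
</Client>
"""

# A clause opens at the start of a line; lines beginning with '#' are comments.
CLIENT_RE = re.compile(r"^[ \t]*<Client\s+([^>\s]+)\s*>", re.MULTILINE)


def client_names(config_text):
    """Names of all active <Client ...> clauses, in file order."""
    return CLIENT_RE.findall(config_text)


def audit(config_text, sources, hosts=None):
    """Map each packet source address to the Client clause covering it.

    None means no clause covers it, so a request from there should be
    rejected. Assumption: only exact addresses, names in `hosts`, and
    DEFAULT are modelled; other hostnames are skipped, not resolved.
    """
    hosts = hosts or {"localhost": "127.0.0.1"}
    names = client_names(config_text)
    listed = {}
    for name in names:
        try:
            listed[ipaddress.ip_address(hosts.get(name, name))] = name
        except ValueError:
            continue  # DEFAULT or an unresolved hostname
    fallback = "DEFAULT" if "DEFAULT" in names else None
    return {s: listed.get(ipaddress.ip_address(s), fallback) for s in sources}


if __name__ == "__main__":
    # 192.0.2.10 is a constructed, unlisted source address.
    for src, clause in audit(SAMPLE_CONFIG, ["64.114.5.254", "192.0.2.10"]).items():
        print(src, "->", clause or "NO CLIENT CLAUSE (expect reject)")
```

Feed it the source addresses seen in the server log; any address that maps to `None` yet shows accepted requests is worth reproducing with radpwtst at trace 4, as suggested above.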
