Hi I'm seeing some funnies with AuthBy NISPlus. When authenticating with AuthBy NISPlus the master/root NIS server gets queried instead of the local NIS replica. If I do a nismatch on the local auth machine then the replica server gets queried. Is this a bug in Radiator?
Here are some logs: The auth request looks like this: Fri Mar 22 11:39:45 2002: DEBUG: Packet dump: *** Received from 196.25.100.91 port 2000 .... Code: Access-Request Identifier: 1 Authentic: 1016789973 Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "<16><146>TWg<193>NH<213>o<253><228>H<158><224><135>" NAS-IP-Address = 196.25.1.1 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "async" NAS-Port = 1 Fri Mar 22 11:39:46 2002: DEBUG: Check if Handler Realm="oogly.co.za" should be used to handle this request Fri Mar 22 11:39:46 2002: DEBUG: Check if Handler Realm="icon.co.za.superauth" should be used to handle this request Fri Mar 22 11:39:46 2002: DEBUG: Check if Handler Realm="eldappy" should be used to handle this request Fri Mar 22 11:39:46 2002: DEBUG: Check if Handler Realm=icon.co.za, Request-Type = Accounting-Request should be used to handle this request Fri Mar 22 11:39:46 2002: DEBUG: Check if Handler Realm=icon.co.za should be used to handle this request Fri Mar 22 11:39:46 2002: DEBUG: Handling request with Handler 'Realm=icon.co.za' Fri Mar 22 11:39:46 2002: DEBUG: Rewrote user name to bruma Fri Mar 22 11:39:46 2002: DEBUG: Deleting session for [EMAIL PROTECTED], 196.25.1.1, 1 Fri Mar 22 11:39:46 2002: DEBUG: Handling with Radius::AuthNISPLUS Fri Mar 22 11:39:46 2002: DEBUG: NIS+ query is [name=bruma] Fri Mar 22 11:39:47 2002: DEBUG: Radius::AuthNISPLUS looks for match with bruma Fri Mar 22 11:39:47 2002: DEBUG: Radius::AuthNISPLUS ACCEPT: Fri Mar 22 11:39:47 2002: DEBUG: Handling with Radius::AuthDBFILE Fri Mar 22 11:39:47 2002: DEBUG: Radius::AuthDBFILE looks for match with bruma Fri Mar 22 11:39:47 2002: DEBUG: Radius::AuthDBFILE ACCEPT: Fri Mar 22 11:39:47 2002: DEBUG: Handling with Radius::AuthFILE Fri Mar 22 11:39:47 2002: DEBUG: Radius::AuthFILE looks for match with bruma Fri Mar 22 11:39:47 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT Fri Mar 22 11:39:47 2002: DEBUG: Radius::AuthFILE ACCEPT: Fri Mar 22 11:39:47 2002: DEBUG: Access accepted for bruma Fri Mar 22 11:39:47 2002: DEBUG: Packet dump: *** Sending to 196.25.100.91 port 2000 .... Code: Access-Accept Identifier: 1 Authentic: 1016789973 Attributes: Class = "040903" Service-Type = Framed-User Framed-Protocol = PPP ^[[BFri Mar 22 11:40:39 2002: DEBUG: Packet dump: *** Received from 196.25.100.91 port 2125 .... Code: Access-Request Identifier: 2 Authentic: 1016790027 Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "<239><14><157>G<1><23>zV_v@<243><240>`<215><180>" NAS-IP-Address = 196.25.1.1 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "async" NAS-Port = 1 Fri Mar 22 11:40:39 2002: DEBUG: Check if Handler Realm="oogly.co.za" should be used to handle this request Fri Mar 22 11:40:39 2002: DEBUG: Check if Handler Realm="icon.co.za.superauth" should be used to handle this request Fri Mar 22 11:40:39 2002: DEBUG: Check if Handler Realm="eldappy" should be used to handle this request Fri Mar 22 11:40:39 2002: DEBUG: Check if Handler Realm=icon.co.za, Request-Type = Accounting-Request should be used to handle this request Fri Mar 22 11:40:39 2002: DEBUG: Check if Handler Realm=icon.co.za should be used to handle this request Fri Mar 22 11:40:39 2002: DEBUG: Handling request with Handler 'Realm=icon.co.za' Fri Mar 22 11:40:39 2002: DEBUG: Rewrote user name to bruma Fri Mar 22 11:40:39 2002: DEBUG: Deleting session for [EMAIL PROTECTED], 196.25.1.1, 1 Fri Mar 22 11:40:39 2002: DEBUG: Handling with Radius::AuthNISPLUS Fri Mar 22 11:40:39 2002: DEBUG: NIS+ query is [name=bruma] Fri Mar 22 11:40:39 2002: DEBUG: Radius::AuthNISPLUS looks for match with bruma Fri Mar 22 11:40:39 2002: DEBUG: Radius::AuthNISPLUS ACCEPT: Fri Mar 22 11:40:39 2002: DEBUG: Handling with Radius::AuthDBFILE Fri Mar 22 11:40:39 2002: DEBUG: Radius::AuthDBFILE looks for match with bruma Fri Mar 22 11:40:39 2002: DEBUG: Radius::AuthDBFILE ACCEPT: Fri Mar 22 11:40:39 2002: DEBUG: Handling with Radius::AuthFILE Fri Mar 22 11:40:39 2002: DEBUG: Radius::AuthFILE looks for match with bruma Fri Mar 22 11:40:39 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT Fri Mar 22 11:40:39 2002: DEBUG: Radius::AuthFILE ACCEPT: Fri Mar 22 11:40:39 2002: DEBUG: Access accepted for bruma Fri Mar 22 11:40:39 2002: DEBUG: Packet dump: *** Sending to 196.25.100.91 port 2125 .... Code: Access-Accept Identifier: 2 Authentic: 1016790027 Attributes: Class = "040903" Service-Type = Framed-User Framed-Protocol = PPP The snoop looks like this: wol-aaa1:/#snoop mail450 Using device /dev/hme (promiscuous mode) wol-aaa1.worldonline.co.za -> mail450.icon.co.za NIS+ C Lookup "passwd.org_dir.icon.co.za." mail450.icon.co.za -> wol-aaa1.worldonline.co.za NIS+ R Lookup [Success] and 1 object wol-aaa1.worldonline.co.za -> mail450.icon.co.za NIS+ C IBlist "passwd.org_dir.icon.co.za." [name = "bruma"] mail450.icon.co.za -> wol-aaa1.worldonline.co.za NIS+ R IBlist [Success] and 1 object wol-aaa1.worldonline.co.za -> mail450.icon.co.za TCP D=32772 S=35876 Ack=1086635127 Seq=3835083472 Len=0 Win=33580 A local nismatch looks like this (no snoop results); wol-aaa1:#nismatch name=bruma passwd.org_dir bruma:ua2NkPWApbWXk:34671:200:Colin Clegg:/usr/people/users/b/r/bruma:/usr/local/bin/tcsh: So why does a dialup auth request gets sent the the Master/root nis server when a command line query stays local. My radiator config for this domain looks like this: <Handler Realm=icon.co.za, Request-Type = Accounting-Request> <AuthBy NISPLUS> Table passwd.org_dir Query [name=%U] AuthFieldDef passwd,Encrypted-Password,check </AuthBy> AcctLogFileName %L/%R/%d-%m-%y.log.test </Handler> <Handler Realm=icon.co.za> RewriteUsername s/^(.+)\@icon.co.za/$1/ AuthByPolicy ContinueWhileAccept <AuthBy NISPLUS> Table passwd.org_dir Query [name=%U] AuthFieldDef passwd,Encrypted-Password,check </AuthBy> <AuthBy DBFILE> Filename %D/users.db # Force it to use DB_File DBType DB_File </AuthBy> <AuthBy FILE> Filename %D/icon_users StripFromReply User-Category </AuthBy> </Handler> Any ideas? :) fred === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.