Re: Default entries in raddb/users file

2001-10-09 Thread Roban Bieber

The date in your computer system is way off, Michael.


Michael Dodd wrote:

> Thanks for the info Alan!  After I wrote the email I started to consider
> that it may not be possible.  I guess I should have spent more "quality
> time" with the docs, but I wasn't even sure that fail-over was what I was
> dealing with.  Thanks again!
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, September 29, 2001 6:10 AM
> Subject: Re: Default entries in raddb/users file
>
> > "Michael Dodd" <[EMAIL PROTECTED]> wrote:
> > > The goal is to have a radius server that will first attempt to
> > > authenticate from the FreeBSD system files ( /etc/passwd ) and if that
> > > fails, try to authenticate from the MySQL database.
> >
> >   OK, the fail-over mechanism isn't well documented in the
> > radiusd.conf file.  See the file 'doc/configurable_failover' for more
> > information.
> >
> >   And you might not even be able to do it, anyways.  Right now, the
> > server really only does one kind of authentication at a time.  You can
> > pick between them on the fly, but each request will use only one
> > authentication.
> >
> >   Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: Default entries in raddb/users file

2001-10-01 Thread Mike Cathey

Michael,
You might be able to use nsswitch/pam to do the job.  I'm not sure if 
there is an auth_mysql module for pam, but I know you can tell it what 
order in which to use the auth mechanisms that it has.  For example:

SNIP start /etc/nsswitch.conf
passwd: ldap files
shadow: ldap files
group:  ldap files
SNIP end /etc/nsswitch.conf

You could then use Auth-Type := PAM and let pam do the work for you.

If there isn't a MySQL module for pam (I'm honestly not sure), you 
should be able to use/modify some of the external auth code from qmail 
to make your own external auth mechanism for FreeRADIUS--which I'm 
fairly sure it supports.

Another option would be to rebuild the local .db files from the mysql 
table when changes are made (NOTE: MySQL now supports perl-based stored 
procedures).  SSH/rsync might help do the trick securely for you there.

Cheers,

Mike

Michael Dodd wrote:

> Thanks for the info Alan!  After I wrote the email I started to consider
> that it may not be possible.  I guess I should have spent more "quality
> time" with the docs, but I wasn't even sure that fail-over was what I was
> dealing with.  Thanks again!
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, September 29, 2001 6:10 AM
> Subject: Re: Default entries in raddb/users file
>
> > "Michael Dodd" <[EMAIL PROTECTED]> wrote:
> > > The goal is to have a radius server that will first attempt to
> > > authenticate from the FreeBSD system files ( /etc/passwd ) and if that
> > > fails, try to authenticate from the MySQL database.
> >
> >   OK, the fail-over mechanism isn't well documented in the
> > radiusd.conf file.  See the file 'doc/configurable_failover' for more
> > information.
> >
> >   And you might not even be able to do it, anyways.  Right now, the
> > server really only does one kind of authentication at a time.  You can
> > pick between them on the fly, but each request will use only one
> > authentication.
> >
> >   Alan DeKok.



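Added example, not part of Mike's post or of the FreeRADIUS distribution: a PAM service file that expresses the "system files first, then MySQL" ordering he describes for use with Auth-Type := PAM. It assumes a Linux-PAM-style /etc/pam.d layout, that the server's PAM module looks up the service name radiusd, and that a pam_mysql module is installed; every database name, table, column and credential below is a placeholder.

```conf
# /etc/pam.d/radiusd   (assumed service name; constructed example)
#
# Modules in a stack run top to bottom.
#   sufficient : success ends the stack with success; failure is ignored
#                and the next module is tried
#   required   : failure makes the whole stack fail
#
# Result: a password that matches the system files is accepted at once;
# anything else falls through to MySQL, whose verdict is final.
auth     sufficient  pam_unix.so
auth     required    pam_mysql.so host=localhost db=PLACEHOLDER_DB user=PLACEHOLDER_RO_USER passwd=PLACEHOLDER_SECRET table=PLACEHOLDER_TABLE usercolumn=PLACEHOLDER_USER_COL passwdcolumn=PLACEHOLDER_PASS_COL crypt=1

# The same ordering for the account check that follows authentication.
account  sufficient  pam_unix.so
account  required    pam_mysql.so host=localhost db=PLACEHOLDER_DB user=PLACEHOLDER_RO_USER passwd=PLACEHOLDER_SECRET table=PLACEHOLDER_TABLE usercolumn=PLACEHOLDER_USER_COL passwdcolumn=PLACEHOLDER_PASS_COL crypt=1

# Points to check before relying on this:
# - A username that exists in both stores is accepted with EITHER
#   password, so the weaker of the two stores sets the security level
#   for that account.
# - PAM needs the cleartext password from the request, so this path
#   serves PAP only; CHAP requests cannot be verified through it.
# - This file holds a database credential: restrict it to the account
#   radiusd runs as, and give PLACEHOLDER_RO_USER SELECT rights on the
#   one table only.
# - crypt=1 is assumed to select crypt(3) hashes; confirm the value
#   against the README of the pam_mysql build in use.
```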



Re: Default entries in raddb/users file

2001-09-29 Thread Michael Dodd

Thanks for the info Alan!  After I wrote the email I started to consider
that it may not be possible.  I guess I should have spent more "quality
time" with the docs, but I wasn't even sure that fail-over was what I was
dealing with.  Thanks again!
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 29, 2001 6:10 AM
Subject: Re: Default entries in raddb/users file


> "Michael Dodd" <[EMAIL PROTECTED]> wrote:
> > The goal is to have a radius server that will first attempt to
> > authenticate from the FreeBSD system files ( /etc/passwd ) and if that
> > fails, try to authenticate from the MySQL database.
>
>   OK, the fail-over mechanism isn't well documented in the
> radiusd.conf file.  See the file 'doc/configurable_failover' for more
> information.
>
>   And you might not even be able to do it, anyways.  Right now, the
> server really only does one kind of authentication at a time.  You can
> pick between them on the fly, but each request will use only one
> authentication.
>
>   Alan DeKok.





Re: Default entries in raddb/users file

2001-09-29 Thread aland

"Michael Dodd" <[EMAIL PROTECTED]> wrote:
> The goal is to have a radius server that will first attempt to authenticate
> from the FreeBSD system files ( /etc/passwd ) and if that fails, try to
> authenticate from the MySQL database.

  OK, the fail-over mechanism isn't well documented in the
radiusd.conf file.  See the file 'doc/configurable_failover' for more
information.

  And you might not even be able to do it, anyways.  Right now, the
server really only does one kind of authentication at a time.  You can
pick between them on the fly, but each request will use only one
authentication.

  Alan DeKok.




Re: Default entries in raddb/users file

2001-09-29 Thread Michael Dodd


- Original Message -
From: Michael Dodd <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 15, 2001 2:26 AM
Subject: Default entries in raddb/users file


> The clouds of radius are slowly beginning to part, and I'm almost afraid to
> admit that I'm kind of starting to enjoying messing with it.

Please read that last line as "Starting to enjoy messing with it"

Ugh-  that's what I get for writing email at 3am.





Default entries in raddb/users file

2001-09-29 Thread Michael Dodd

The clouds of radius are slowly beginning to part, and I'm almost afraid to
admit that I'm kind of starting to enjoying messing with it.

I've got what amounts to a pretty basic freeradius 0.2 install from the
tarball, not CVS.  I'm running MySQL from the FreeBSD ports, and the radius
tables are successfully built from the provided schema.

The goal is to have a radius server that will first attempt to authenticate
from the FreeBSD system files ( /etc/passwd ) and if that fails, try to
authenticate from the MySQL database.

I can get either unix authentication to work, or SQL authentication, but not
both.  I'm pretty sure the problem is in the configuration of my raddb/users
file, but I'm not sure.  Here's the default entries in question:

# Unix auth
DEFAULT Auth-Type := System
 Fall-Through = 1


# Defaults for all framed connections.
# seems to hit against MySQL

DEFAULT Service-Type == Framed-User
 Framed-IP-Address = 255.255.255.254,
 Framed-MTU = 576,
 Service-Type = Framed-User,
 Fall-Through = Yes

# These are the entries from my radiusd.conf
authorize {
 preprocess
 suffix
 sql
 files
}

authenticate {
 sql
 unix
}

Do I need to have a line for "unix" in my authorize module?  Thanks in
advance for any help.

