Dear [EMAIL PROTECTED],

Group-Name == "slow"

checks for the Group-Name attribute in the check list (that is, the list of
attributes received in the RADIUS request).

format = "*User-Name:User-Password:Group-Name"

adds Group-Name attribute to config items list. So there will never be
Group-Name in check list. Changing Group-Name to Group will give no
result.

I can change rlm_passwd to be able to add something to the reply attributes
list. In this case you will be able to directly add Pool-Name from the
passwd file to the RADIUS reply.

--Friday, September 20, 2002, 2:58:15 PM, you wrote to [EMAIL PROTECTED]:


mmr> I have a similar problem. I am trying group-based authentication.

mmr> in radius.conf:

mmr> passwd raddb_userlist {
mmr>   filename = /etc/raddb/userlist
mmr>   format = "*User-Name:User-Password:Group-Name"
mmr>   authtype = MS-CHAP
mmr>   hashsize = 1000
mmr>   ignorenislike = no
mmr>   allowmultiplekeys = no
mmr> }

mmr> in /etc/raddb/userlist:

mmr> mmike:mike:fast

mmr> users file (with line numbers):

mmr> 185:DEFAULT Group-Name == "slow", Pool-Name := "ippool-1-slow"
mmr> 186:    Fall-Through = Yes
mmr> 187:
mmr> 188:DEFAULT Group-Name == "fast", Pool-Name := "ippool-1-fast"
mmr> 189:    Fall-Through = Yes
mmr> 190:
mmr> 191:DEFAULT     Service-Type == Framed-User
mmr> 192:    Framed-MTU = 1500,
mmr> 193:    Service-Type = Framed-User,
mmr> 194:    Fall-Through = Yes


mmr> Now I run radiusd:
mmr> # radiusd -xx

mmr> ...
mmr> modcall: entering group authorize
mmr>   modcall[authorize]: module "preprocess" returns ok
mmr> rlm_passwd: Added User-Password: mike
mmr> rlm_passwd: Added Group-Name: fast      <---- Group-Name attribute added with value "fast"
mmr> rlm_passwd: Adding Auth-Type: MS-CHAP
mmr> ....
mmr>     users: Matched DEFAULT at 191
mmr>   modcall[authorize]: module "files" returns ok
mmr> ...

mmr> MATCH found at line 191 only. Hm.. what about line 188?!!!

mmr> I tried to use the "Group" attr instead of "Group-Name". The result is the same.

mmr> It's like a bug?


>> I have installed FreeRADIUS 0.7.1 on Slackware 8.0 with shadow passwords.
>> Installation was OK and basic functions are working.
>> I have experienced problems when I try to deny access to one of the groups
>> on the radius server.
>> The following instructions did not help.
>> I tried:
>> DEFAULT Group == "users" , Auth-Type :=Reject
>> DEFAULT Group == users , Auth-Type :=Reject
>> DEFAULT Group == "users" , Auth-Type =Reject
>> DEFAULT Group == users , Auth-Type =Reject
>> And more before:
>> DEFAULT  Auth-Type := System
>> but nothing works.
>> User marcin, group users, was always able to authenticate.
>> This is a debug of the auth process:
>> 
>> rad_recv: Access-Request packet from host 216.168.1.38:4751, id=131,
>> length=81
>>         NAS-IP-Address = 216.168.1.38
>>         Calling-Station-Id = "204.251.93.250"
>>         User-Name = "marcin?X0040;hostplus.net"
>>         User-Password = "\274\252\2162\275\rS+\305F.\240\007Ia"
>> modcall: entering group authorize
>>   modcall[authorize]: module "preprocess" returns ok
>>     rlm_realm: Looking up realm hostplus.net for User-Name =
>> "marcin?X0040;hostplus.net"
>>     rlm_realm: Found realm hostplus.net
>>     rlm_realm: Adding Stripped-User-Name = "marcin"
>>   rlm_realm: Proxying request from user marcin to realm hostplus.net
>>     rlm_realm: Adding Realm = "hostplus.net"
>> rlm_realm:  Authentication realm is LOCAL.
>> rlm_realm:  auth_port is not set.  proxy cancelled
>>   modcall[authorize]: module "suffix" returns noop
>>     users: Matched DEFAULT at 6
>>   modcall[authorize]: module "files" returns ok
>> modcall: group authorize returns ok
>>   rad_check_password:  Found Auth-Type System
>> auth: type "System"
>> modcall: entering group authenticate
>>   modcall[authenticate]: module "unix" returns ok
>> modcall: group authenticate returns ok
>> Login OK: [marcin?X0040;hostplus.net] (from client supernews port 0 cli
>> 204.251.93.250)
>> Sending Access-Accept of id 131 to 216.168.1.38:4751
>> Finished request 4
>> Going to the next request
>> 
>> And one more thing.
>> Will I be able to limit access based on
>> Called-Station-id?
>> If so, what would be the process to set this up?
>> 
>> 
>> 


mmr> - 
mmr> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
~/ZARAZA
Man is a mystery... I occupy myself with this mystery in order to be a human being. (Dostoevsky)
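
The explanation in the reply above, as a simplified Python model (an added example, not part of the original thread and not FreeRADIUS code). It shows why users-file lines 185 and 188 never match while 191 does; the function names and the contents of the request are assumptions, since the thread does not show mmike's Access-Request.

```python
# Simplified model of the behaviour described in the reply; not FreeRADIUS code.

def passwd_config_items(line, fmt, request):
    """rlm_passwd model: the '*' field is the lookup key taken from the
    request; every other field is added to the config items list."""
    names = fmt.split(":")
    fields = dict(zip((n.lstrip("*") for n in names), line.split(":")))
    key = next(n[1:] for n in names if n.startswith("*"))
    if request.get(key) != fields[key]:
        return {}
    return {k: v for k, v in fields.items() if k != key}

def match_users(entries, request, config):
    """users-file model: '==' checks read only request attributes.
    Returns (matched line numbers, lines whose checked attribute exists
    only in config items and therefore can never match)."""
    matched, shadowed = [], []
    for line_no, checks, assigns in entries:
        if all(request.get(a) == v for a, v in checks.items()):
            matched.append(line_no)
            config.update(assigns)   # ':=' items on the check line
        elif any(a in config and a not in request for a in checks):
            shadowed.append(line_no)
    return matched, shadowed

# Constructed request (assumption); the thread does not show it.
REQUEST = {"User-Name": "mmike", "Service-Type": "Framed-User"}
FORMAT = "*User-Name:User-Password:Group-Name"   # from the thread
PASSWD_LINE = "mmike:mike:fast"                  # from the thread
# users file lines 185-194 from the thread, all with Fall-Through = Yes
USERS = [
    (185, {"Group-Name": "slow"}, {"Pool-Name": "ippool-1-slow"}),
    (188, {"Group-Name": "fast"}, {"Pool-Name": "ippool-1-fast"}),
    (191, {"Service-Type": "Framed-User"}, {}),
]

def run():
    config = passwd_config_items(PASSWD_LINE, FORMAT, REQUEST)
    matched, shadowed = match_users(USERS, REQUEST, config)
    return config, matched, shadowed

if __name__ == "__main__":
    config, matched, shadowed = run()
    print("config items:", config)
    print("matched lines:", matched)
    print("never-matching lines:", shadowed)
```

A rule reported in the never-matching list is the pattern to look for when a group-based restriction appears to be configured but is not being applied.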

