Dear [EMAIL PROTECTED], Group-Name == "slow"
checks for Group-Name attribute in check list (that is list of attributes received in RADIUS request). format = "*User-Name:User-Password:Group-Name" adds Group-Name attribute to config items list. So there will never be Group-Name in check list. Changing Group-Name to Group will give no result. I can change rlm_passwd to be able to add something to replay attributes list. In this case you will be able to directly add Pool-Name from passwd file to RADIUS reply. --Friday, September 20, 2002, 2:58:15 PM, you wrote to [EMAIL PROTECTED]: mmr> I have similar problem. I try group-based authenticate. mmr> in radius.conf: mmr> passwd raddb_userlist { mmr> filename = /etc/raddb/userlist mmr> format = "*User-Name:User-Password:Group-Name" mmr> authtype = MS-CHAP mmr> hashsize = 1000 mmr> ignorenislike = no mmr> allowmultiplekeys = no mmr> } mmr> in /etc/raddb/userlist: mmr> mmike:mike:fast mmr> users file (with line numbers): mmr> 185:DEFAULT Group-Name == "slow", Pool-Name := "ippool-1-slow" mmr> 186: Fall-Through = Yes mmr> 187: mmr> 188:DEFAULT Group-Name == "fast", Pool-Name := "ippool-1-fast" mmr> 189: Fall-Through = Yes mmr> 190: mmr> 191:DEFAULT Service-Type == Framed-User mmr> 192: Framed-MTU = 1500, mmr> 193: Service-Type = Framed-User, mmr> 194: Fall-Through = Yes mmr> now i run radiusd: mmr> # radiusd -xx mmr> ... mmr> modcall: entering group authorize mmr> modcall[authorize]: module "preprocess" returns ok mmr> rlm_passwd: Added User-Password: mike mmr> rlm_passwd: Added Group-Name: fast <---- Group-Name attribute added with value "fast" mmr> rlm_passwd: Adding Auth-Type: MS-CHAP mmr> .... mmr> users: Matched DEFAULT at 191 mmr> modcall[authorize]: module "files" returns ok mmr> ... mmr> MATCH found at line 191 only. Hm.. what about line 188?!!! mmr> I try use "Group" attr instead "Group-Name". Result is the same. mmr> Its like a bug? >> I have install freeradius 0.7.1 on slackware 8.0 with shadow password >> Installation was ok and basic functions are working. >> I have experience problems wen i try to deny access to one of the groups >> on the radius server >> Following instruction did not help. >> I try : >> DEFAULT Group == "users" , Auth-Type :=Reject >> DEFAULT Group == users , Auth-Type :=Reject >> DEFAULT Group == "users" , Auth-Type =Reject >> DEFAULT Group == users , Auth-Type =Reject >> And more before: >> DEFAULT Auth-Type := System >> but nothing work. >> User marcin , group users was always able to authenticate. >> This is a debug of the auth process: >> >> rad_recv: Access-Request packet from host 216.168.1.38:4751, id=131, >> length=81 >> NAS-IP-Address = 216.168.1.38 >> Calling-Station-Id = "204.251.93.250" >> User-Name = "marcin?X0040;hostplus.net" >> User-Password = "\274\252\2162\275\rS+\305F.\240\007Ia" >> modcall: entering group authorize >> modcall[authorize]: module "preprocess" returns ok >> rlm_realm: Looking up realm hostplus.net for User-Name = >> "marcin?X0040;hostplus.net" >> rlm_realm: Found realm hostplus.net >> rlm_realm: Adding Stripped-User-Name = "marcin" >> rlm_realm: Proxying request from user marcin to realm hostplus.net >> rlm_realm: Adding Realm = "hostplus.net" >> rlm_realm: Authentication realm is LOCAL. >> rlm_realm: auth_port is not set. proxy cancelled >> modcall[authorize]: module "suffix" returns noop >> users: Matched DEFAULT at 6 >> modcall[authorize]: module "files" returns ok >> modcall: group authorize returns ok >> rad_check_password: Found Auth-Type System >> auth: type "System" >> modcall: entering group authenticate >> modcall[authenticate]: module "unix" returns ok >> modcall: group authenticate returns ok >> Login OK: [marcin?X0040;hostplus.net] (from client supernews port 0 cli >> 204.251.93.250) >> Sending Access-Accept of id 131 to 216.168.1.38:4751 >> Finished request 4 >> Going to the next request >> >> And one more thing. >> Will i be able to limit access based on >> Called-Station-id ? >> If so what would be a process to set this up? >> >> >> mmr> - mmr> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Человек это тайна... я занимаюсь этой тайной чтобы быть человеком. (Достоевский) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html