> Dear [EMAIL PROTECTED],

> Group-Name == "slow"
> checks for Group-Name attribute in check list (that is list of
> attributes received in RADIUS request).

> format = "*User-Name:User-Password:Group-Name"
> adds Group-Name attribute to config items list. So there will never be
> Group-Name in check list. Changing Group-Name to Group will give no
> result.

Can I move an attribute from the config items list to the check list? Or how can I check a config attribute?

> I can change rlm_passwd to be able to add something to reply attributes
> list. In this case you will be able to directly add Pool-Name from
> passwd file to RADIUS reply.

No. This is a bad idea to add Pool-Name to Reply. Imagine, I have 2 NASes with 2 ip-pools for each (ippool-1-fast, ippool-1-slow for the 1-st NAS and ippool-2-fast, ippool-2-slow for the 2-nd NAS). So we have 4 different ip-pools. A user can connect to any of the NASes. rlm_passwd returns slow or fast for the user. If a user from the slow group connected to NAS#1, Pool-Name has to be changed to ippool-1-slow. If user connected to NAS#1, then Pool-Name := ippool-2-slow. Can you explain to me how I can make such a choice?

mmr>> I have a similar problem. I am trying group-based authentication.
mmr>> in radius.conf:
mmr>> passwd raddb_userlist {
mmr>>     filename = /etc/raddb/userlist
mmr>>     format = "*User-Name:User-Password:Group-Name"
mmr>>     authtype = MS-CHAP
mmr>>     hashsize = 1000
mmr>>     ignorenislike = no
mmr>>     allowmultiplekeys = no
mmr>> }
mmr>> in /etc/raddb/userlist:
mmr>> mmike:mike:fast
mmr>> users file (with line numbers):
mmr>> 185:DEFAULT Group-Name == "slow", Pool-Name := "ippool-1-slow"
mmr>> 186:        Fall-Through = Yes
mmr>> 187:
mmr>> 188:DEFAULT Group-Name == "fast", Pool-Name := "ippool-1-fast"
mmr>> 189:        Fall-Through = Yes
mmr>> 190:
mmr>> 191:DEFAULT Service-Type == Framed-User
mmr>> 192:        Framed-MTU = 1500,
mmr>> 193:        Service-Type = Framed-User,
mmr>> 194:        Fall-Through = Yes
mmr>> now I run radiusd:
mmr>> # radiusd -xx
mmr>> ...
mmr>> modcall: entering group authorize
mmr>> modcall[authorize]: module "preprocess" returns ok
mmr>> rlm_passwd: Added User-Password: mike
mmr>> rlm_passwd: Added Group-Name: fast <---- Group-Name attribute added with value "fast"
mmr>> rlm_passwd: Adding Auth-Type: MS-CHAP
mmr>> ....
mmr>> users: Matched DEFAULT at 191
mmr>> modcall[authorize]: module "files" returns ok
mmr>> ...
mmr>> MATCH found at line 191 only. Hm.. what about line 188?!!!
mmr>> I tried using "Group" attr instead of "Group-Name". Result is the same.
mmr>> It's like a bug?

>>> I have installed freeradius 0.7.1 on slackware 8.0 with shadow password
>>> Installation was ok and basic functions are working.
>>> I have experienced problems when I try to deny access to one of the groups
>>> on the radius server
>>> Following instruction did not help.
>>> I try :
>>> DEFAULT Group == "users" , Auth-Type :=Reject
>>> DEFAULT Group == users , Auth-Type :=Reject
>>> DEFAULT Group == "users" , Auth-Type =Reject
>>> DEFAULT Group == users , Auth-Type =Reject
>>> And more before:
>>> DEFAULT Auth-Type := System
>>> but nothing works.
>>> User marcin , group users was always able to authenticate.
>>> This is a debug of the auth process:
>>>
>>> rad_recv: Access-Request packet from host 216.168.1.38:4751, id=131,
>>> length=81
>>> NAS-IP-Address = 216.168.1.38
>>> Calling-Station-Id = "204.251.93.250"
>>> User-Name = "marcin?X0040;hostplus.net"
>>> User-Password = "\274\252\2162\275\rS+\305F.\240\007Ia"
>>> modcall: entering group authorize
>>> modcall[authorize]: module "preprocess" returns ok
>>> rlm_realm: Looking up realm hostplus.net for User-Name =
>>> "marcin?X0040;hostplus.net"
>>> rlm_realm: Found realm hostplus.net
>>> rlm_realm: Adding Stripped-User-Name = "marcin"
>>> rlm_realm: Proxying request from user marcin to realm hostplus.net
>>> rlm_realm: Adding Realm = "hostplus.net"
>>> rlm_realm: Authentication realm is LOCAL.
>>> rlm_realm: auth_port is not set. proxy cancelled
>>> modcall[authorize]: module "suffix" returns noop
>>> users: Matched DEFAULT at 6
>>> modcall[authorize]: module "files" returns ok
>>> modcall: group authorize returns ok
>>> rad_check_password: Found Auth-Type System
>>> auth: type "System"
>>> modcall: entering group authenticate
>>> modcall[authenticate]: module "unix" returns ok
>>> modcall: group authenticate returns ok
>>> Login OK: [marcin?X0040;hostplus.net] (from client supernews port 0 cli
>>> 204.251.93.250)
>>> Sending Access-Accept of id 131 to 216.168.1.38:4751
>>> Finished request 4
>>> Going to the next request
>>>
>>> And one more thing.
>>> Will I be able to limit access based on
>>> Called-Station-id ?
>>> If so what would be a process to set this up?
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
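
A simplified model of the matching behaviour described in the quoted explanation above, as an added example that is not part of the original message and is not FreeRADIUS code: the "==" items in the users file are compared only against the attributes received in the request, so a Group-Name that rlm_passwd puts in the config items list is never seen. The data layout, the function names and the sample request are assumptions made for illustration.

```python
# Simplified model of users-file matching as explained in the thread.
# Not FreeRADIUS code: data layout and function names are assumptions.

# Quoted users file: (line, "==" check items, ":=" assignments, fall_through)
USERS_FILE = [
    (185, {"Group-Name": "slow"}, {"Pool-Name": "ippool-1-slow"}, True),
    (188, {"Group-Name": "fast"}, {"Pool-Name": "ippool-1-fast"}, True),
    (191, {"Service-Type": "Framed-User"}, {}, True),
]

# Constructed sample: attributes received in the Access-Request.
REQUEST = {"User-Name": "mmike", "Service-Type": "Framed-User"}
# Items rlm_passwd added to the config items list (from the debug output).
CONFIG_ITEMS = {"User-Password": "mike", "Group-Name": "fast",
                "Auth-Type": "MS-CHAP"}


def match_users(visible):
    """Walk the entries, comparing "==" items against `visible` only.

    Returns (matched line numbers, attributes set by ":=" on matches).
    """
    matched, assigned = [], {}
    for line, checks, assigns, fall_through in USERS_FILE:
        if all(visible.get(attr) == val for attr, val in checks.items()):
            matched.append(line)
            assigned.update(assigns)
            if not fall_through:
                break
    return matched, assigned


def dead_rules(config_only_attrs):
    """Lines whose checks name an attribute that only ever lives in the
    config items list, so the comparison can never succeed."""
    return [line for line, checks, _, _ in USERS_FILE
            if set(checks) & set(config_only_attrs)]


if __name__ == "__main__":
    # Behaviour seen in the thread: only the request list is compared.
    print(match_users(REQUEST))                       # ([191], {})
    # Hypothetical: what the poster expected if config items were visible.
    print(match_users({**REQUEST, **CONFIG_ITEMS}))
    print(dead_rules({"Group-Name"}))                 # [185, 188]
```

A rule reported by `dead_rules` never fires, so the request falls through to whichever later entry does match, as with line 191 in the debug output.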