a little help here guys???
On Fri, Jan 22, 2010 at 9:58 AM, Satyam Mathura satz...@gmail.com wrote:
OK i'm back to my original question.
How do i get FreeRadius working with a MySQL back-end to do the following:
a. Reject a user if that user is in a group which is not allowed to access
OK i'm back to my original question.
How do i get FreeRadius working with a MySQL back-end to do the following:
a. Reject a user if that user is in a group which is not allowed to access
devices in a specific huntgroup.
b. Allow a user if that user is in the appropriate group which is allowed to
Guys,
I'm experiencing a strange problem. I use FreeRadius to control cmd line
access to my routers and switches and I've configured FreeRadius to use a
MySQL back-end and thus far it works fine except for one condition. If i
supply a blank password when authenticating, FreeRadius allows the
Hi,
users: Matched entry DEFAULT at line 204
++[files] returns ok
whats on line 204 or your users file? the reason why I ask is because..
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Accept
rad_check_password:
Line 204 in my users file is the following:
DEFAULT Auth-Type := Reject
My MySQL databse also stores huntgroup information for the FreeRadius
server. I want to reject authentication by default on all my nas devices
unless the usergroup which the user belongs to is allowed to access that
Satyam Mathura satz...@gmail.com writes:
Line 204 in my users file is the following:
DEFAULT Auth-Type := Reject
You don't want that. It removes the server's ability to figure it out
by itself.
my radgroupcheck config:
++--++++
|
The reason i had those configs was because they were outlined as steps to
reject authentication by default in the guide i was using.
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
Note: If you want to reject authentication by default then edit the
raddb/users file and add this:
DEFAULT
Quick update.
Although the radius server no longer accepts blank passwords, i now have a
problem where users who belong to groups which are not allowed to access nas
devices in certain huntgroups can now do so.
Any ideas?
On Thu, Jan 21, 2010 at 7:14 PM, Satyam Mathura satz...@gmail.com wrote:
8 matches
Mail list logo