Re: Blank Password Problem

2010-01-23 Thread Satyam Mathura
a little help here guys??? On Fri, Jan 22, 2010 at 9:58 AM, Satyam Mathura satz...@gmail.com wrote: OK i'm back to my original question. How do i get FreeRadius working with a MySQL back-end to do the following: a. Reject a user if that user is in a group which is not allowed to access

Re: Blank Password Problem

2010-01-22 Thread Satyam Mathura
OK i'm back to my original question. How do i get FreeRadius working with a MySQL back-end to do the following: a. Reject a user if that user is in a group which is not allowed to access devices in a specific huntgroup. b. Allow a user if that user is in the appropriate group which is allowed to

Blank Password Problem

2010-01-21 Thread Satyam Mathura
Guys, I'm experiencing a strange problem. I use FreeRadius to control cmd line access to my routers and switches and I've configured FreeRadius to use a MySQL back-end and thus far it works fine except for one condition. If i supply a blank password when authenticating, FreeRadius allows the

Re: Blank Password Problem

2010-01-21 Thread Alan Buxey
Hi, users: Matched entry DEFAULT at line 204 ++[files] returns ok whats on line 204 or your users file? the reason why I ask is because.. rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type Accept rad_check_password:

Re: Blank Password Problem

2010-01-21 Thread Satyam Mathura
Line 204 in my users file is the following: DEFAULT Auth-Type := Reject My MySQL databse also stores huntgroup information for the FreeRadius server. I want to reject authentication by default on all my nas devices unless the usergroup which the user belongs to is allowed to access that

Re: Blank Password Problem

2010-01-21 Thread Bjørn Mork
Satyam Mathura satz...@gmail.com writes: Line 204 in my users file is the following: DEFAULT Auth-Type := Reject You don't want that. It removes the server's ability to figure it out by itself. my radgroupcheck config: ++--++++ |

Re: Blank Password Problem

2010-01-21 Thread Satyam Mathura
The reason i had those configs was because they were outlined as steps to reject authentication by default in the guide i was using. http://wiki.freeradius.org/SQL_Huntgroup_HOWTO Note: If you want to reject authentication by default then edit the raddb/users file and add this: DEFAULT

Re: Blank Password Problem

2010-01-21 Thread Satyam Mathura
Quick update. Although the radius server no longer accepts blank passwords, i now have a problem where users who belong to groups which are not allowed to access nas devices in certain huntgroups can now do so. Any ideas? On Thu, Jan 21, 2010 at 7:14 PM, Satyam Mathura satz...@gmail.com wrote: