This is the exact same problem I have.  It can be fixed using PAM; however,
I don't like PAM: it's much slower in my tests than using the password
files.  If you peek in /etc/shadow you'll notice no groups are listed.
This is why I asked to have a ShadowFile directive added to Radiator so you
can point to PasswordFile /etc/passwd, GroupFile /etc/group, and
ShadowFile /etc/shadow.  This would fix this problem for me anyway :)

On Fri, 29 Oct 1999, Dawn Lovell wrote:

> Date: Fri, 29 Oct 1999 08:31:04 -0500
> From: Dawn Lovell <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Different logfiles for different groups?
> 
> Hi, Hugh!  We are running 2.14.1; the note in the revision history was
> part of why we thought it should work.  We had not explicitly specified
> GroupFilename, so we added that option and tried again.  It still seems
> to be ignoring our primary groups; maybe we're missing something else?
> 
> Here's the relevant portion of our config file:
> 
> <AuthBy UNIX>
>          Identifier System
>          Filename /etc/shadow
>          GroupFilename /etc/group
>          DefaultSimultaneousUse 1
> </AuthBy>
> <Handler>
>          <AuthBy FILE>
>          # The filename defaults to %D/users
>          Filename %D/users.trial
>          </AuthBy>
>          ## Trial userids will have a Class of "trial" and
>          ## all others will have no Class attribute set.
>          AcctLogFileName %L/%N/detail%{Class}
> </Handler>
> 
> From the users.trial file:
> DEFAULT Auth-Type = System, Group = trial, NAS-Port-Type = Async
>          Service-Type = Framed-User,
>          Framed-Protocol = PPP,
>          Framed-Address = 255.255.255.254,
>          Framed-Netmask = 255.255.255.255,
>          Reply-Message="choice: ",
>          Port-Limit = 1,
>          Idle-Timeout = 1200,
>          Session-Timeout = 28800,
>          Class = trial
> 
> DEFAULT Auth-Type = System, NAS-Port-Type = Async
>          Service-Type = Framed-User,
>          Framed-Protocol = PPP,
>          Framed-Address = 255.255.255.254,
>          Framed-Netmask = 255.255.255.255,
>          Reply-Message="choice: ",
>          Port-Limit = 1,
>          Idle-Timeout = 1200,
>          Session-Timeout = 28800
> 
> This works great for userids that are explicitly listed in the groups
> file, but doesn't seem to work if they are not.  We are running nscd,
> just in case that may be related to our problem.  This is a Solaris 7
> box.  Passwd and group are both set to files in nsswitch.conf.
> 
> Here's an example user and the debug output for it.
> 
> In /etc/passwd:
> testuser:x:12268:2000:Test User:/tmp:/bin/noshell
> 
> In /etc/group:
> trial::2000:user1,user2
> 
> Debug output:
> Fri Oct 29 08:09:59 1999: DEBUG: Check if Handler  should be used to handle this request
> Fri Oct 29 08:09:59 1999: DEBUG: Handling request with Handler ''
> Fri Oct 29 08:09:59 1999: DEBUG: Deleting session for testuser, 209.142.178.4, 0
> Fri Oct 29 08:09:59 1999: DEBUG: Handling with Radius::AuthFILE
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE looks for match with testuser
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Fri Oct 29 08:09:59 1999: DEBUG: Handling with Radius::AuthUNIX
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX looks for match with testuser
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX REJECT: User testuser is not in Group trial
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE REJECT: User testuser is not in Group trial
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
> Fri Oct 29 08:09:59 1999: DEBUG: Handling with Radius::AuthUNIX
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX looks for match with testuser
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX ACCEPT:
> Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE ACCEPT:
> Fri Oct 29 08:09:59 1999: DEBUG: Access accepted for testuser
> 
> Thanks again for your help!
> 
> Dawn
> 
> At 12:26 PM 10/29/99 +1000, Hugh Irvine wrote:
> 
> >This was fixed in Radiator 2.14. The following is from the revision history on
> >the web page (http://www.open.com.au/radiator/history.html):
> >
> >
> >         AuthBy SYSTEM now checks the primary group as well as
> >         the secondary groups. It used only to do the secondaries.
> >
> >You will also need to use the GroupFilename parameter in your AuthBy.
> >
> >hth
> >
> >Hugh
> >
> >--
> >Radiator: the most portable, flexible and configurable RADIUS server
> >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> >NT, Rhapsody
> >
> >===
> >Archive at http://www.thesite.com.au/~radiator/
> >To unsubscribe, email '[EMAIL PROTECTED]' with
> >'unsubscribe radiator' in the body of the message.
> 
> 
> 
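Added example, not part of the original thread and not Radiator's own code: a small Python sketch of a group check over the file formats discussed above, showing why a primary-group match needs the GID from /etc/passwd and cannot be derived from /etc/shadow. The passwd and group lines are the ones quoted in the thread; the shadow line and all function names are constructed for illustration.

```python
# Sample data: passwd and group lines as quoted in the thread.
PASSWD = "testuser:x:12268:2000:Test User:/tmp:/bin/noshell\n"
GROUP = "trial::2000:user1,user2\n"
# Constructed shadow line; the second field is a placeholder, not a real hash.
SHADOW = "testuser:PLACEHOLDER_HASH:10893::::::\n"


def parse_colon_file(text):
    """Split a passwd/shadow/group style file into lists of fields."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def primary_gid(user, account_text):
    """Return the user's primary GID, or None if the file cannot supply one.

    A passwd entry has 7 fields with the GID in field 4. A shadow entry has
    9 fields and none is a GID; its field 4 is a password-aging value, so
    the field count is checked to avoid misreading it as a group id.
    """
    for fields in parse_colon_file(account_text):
        if fields[0] == user:
            if len(fields) == 7 and fields[3].isdigit():
                return int(fields[3])
            return None
    return None


def in_group(user, group, account_text, group_text):
    """True if user is a listed member of group or has it as primary group."""
    gid = primary_gid(user, account_text)
    for fields in parse_colon_file(group_text):
        if len(fields) < 4 or fields[0] != group:
            continue
        members = [m for m in fields[3].split(",") if m]
        if user in members:
            return True  # secondary membership, listed in the group file
        if gid is not None and fields[2].isdigit() and int(fields[2]) == gid:
            return True  # primary membership, via the GID in passwd
    return False
```

With the passwd line as the account source, testuser matches group trial through GID 2000; with only the shadow line, the same check fails, while user1 still matches because it is listed explicitly in the group file.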

