I have a Livingston server (will be migrated to Radiator in the future)
which rdist's the users file to a Radiator server (2.15). I've set up an
"AuthBy UNIX" phrase with a Identifier of "System" for the "Auth-Type =
System" entries in my Livingston users file:
<AuthBy UNIX>
Identifier System
Filename /etc/master.passwd
GroupFilename /etc/group
</AuthBy>
I've also tried:
<AuthBy SYSTEM>
Identifier System
</AuthBy>
in the same place.
I have DEFAULT entries in the users file as follows:
DEFAULT Group = mailonly, Auth-Type = Reject
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Netmask = 255.255.255.255,
Port-Limit = 1,
Session-Timeout = 30,
Idle-Timeout = 10
DEFAULT Prefix = "S", Auth-Type = System
Service-Type = Login-User,
Login-Service = Telnet,
Login-IP-Host = my.telnet.machine,
Idle-Timeout = 1200
DEFAULT NAS-Port-Type = Async, Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Netmask = 255.255.255.255,
Port-Limit = 1,
Session-Timeout = 28800,
Idle-Timeout = 1200
The corresponding Realm is:
<Realm DEFAULT>
AuthByPolicy ContinueWhileReject
<AuthBy FILE>
Filename %D/users
</AuthBy>
<AuthBy RADIUS>
Host my.livingston.radius.machine
Secret mysecret
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName %L/pm-detail
WtmpFileName %L/pm-wtmp
</Realm>
I'm logging these messages:
Thu May 18 18:01:24 2000: WARNING: This AuthBy does not know how to
check Group membership
Thu May 18 18:01:25 2000: WARNING: This AuthBy does not know how to
check Group membership
Thu May 18 18:01:25 2000: WARNING: This AuthBy does not know how to
check Group membership
Thu May 18 18:01:25 2000: WARNING: This AuthBy does not know how to
check Group membership
I've checked and the Group checks are indeed not working. The /etc/group
entries DO exist in proper form. I get the same messages whether I use
"AuthBy UNIX" or "AuthBy SYSTEM" in my "System" identifier. NOTE:
Password lookups DO look like they work properly with UNIX or SYSTEM,
just not groups! One sample:
Thu May 18 17:10:10 2000: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu May 18 17:10:10 2000: DEBUG: SDB1 Deleting session for XXX,
207.202.170.1
0, 31
Thu May 18 17:10:10 2000: DEBUG: Handling with Radius::AuthFILE
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthFILE looks for match with
XXX
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Thu May 18 17:10:10 2000: WARNING: This AuthBy does not know how to
check Group
membership
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthFILE REJECT: User XXX is
not in
Group mailonly
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT1
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthFILE REJECT: Prefix does
not match
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT2
Thu May 18 17:10:10 2000: DEBUG: Handling with Radius::AuthSYSTEM
Thu May 18 17:10:10 2000: DEBUG: getpwnam got XXX, l3hi7hd4uJ3aE, 29455,
1000
0, 0, , Real Name, /home/XXX, /sbin/nologin
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthSYSTEM looks for match with
XXX
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthSYSTEM ACCEPT:
Thu May 18 17:10:10 2000: DEBUG: Radius::AuthFILE ACCEPT:
Thu May 18 17:10:10 2000: DEBUG: Access accepted for XXX
Platform: FreeBSD 3.2 (x86), Perl 5.005_03, Radiator 2.15
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
