OK, in the users file "company.com" is really meant to be just
that. I corrected "Password = System" to "Auth-type = UNIX".
What I want to happen is the following:
if the user is in the users file
    then if the entry has a password
        then use it for authentication
        else use UNIX (/etc/passwd)
    else use UNIX (/etc/passwd)
I'm running under Linux, which saves passwords in /etc/shadow so
I tried setting "Filename /etc/shadow", but the password log file
seems to indicate that it's still using /etc/passwd because I see
an "x" as the correct password.
Thanks in advance.
William Hernandez
----- Original Message -----
From: Hugh Irvine <[EMAIL PROTECTED]>
To: William Hernandez <[EMAIL PROTECTED]>; Radiator <[EMAIL PROTECTED]>
Sent: Tuesday, May 23, 2000 4:12 AM
Subject: Re: (RADIATOR) Compatibility with Livingston
Hello William -
On Tue, 23 May 2000, William Hernandez wrote:
> This is my radius.cfg file:
>
> # livingCompat.cfg
> #
> # This is a simple Radiator config file that allows you
> # to continue using a bog standard Livingston or
> # similar users file with Radiator, It implements the
> # Auth-Type="System" check item by using AuthBy UNIX
> #
> # You will probably want to change the definitions of
> # DbDir, LogDir and the Filename parameters
> #
> # Author: Mike McCauley ([EMAIL PROTECTED])
> # Copyright (C) 1997 Open System Consultants
> # $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $
> LogFile /var/log/radius.log
> DictionaryFile %D/dictionary.ascend2
> FingerProg /usr/bin/finger
> SnmpgetProg /usr/bin/snmpget
> RewriteUsername tr/[A-Z]/[a-z]/
> LogStdout
> Trace 4
> PidFile /tmp/radiusd.pid
> AuthPort 1812
> AcctPort 1813
> LogDir /var/log/radacct
> DbDir /etc/raddb
> LogFile /var/log/radius.log
> DictionaryFile %D/dictionary.ascend2
>
> # This clause defines a single client to listen to
> # You will probably want to change localhost and mysecret
> # to suit your site.
> <Client localhost>
> Secret mysecret
> </Client>
>
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> FramedGroupBaseAddress 10.0.0.1
> FramedGroupBaseAddress 10.0.1.1
> FramedGroupBaseAddress 10.0.2.1
> FramedGroupMaxPortsPerClassC 20
> </Client>
>
> # This clause means we will handle any realm that arrives
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename /etc/raddb/users
> </AuthBy>
> <AuthBy UNIX>
> Identifier System
> Filename /etc/passwd
> </AuthBy>
> # Log accounting to the detail file in LogDir
> AcctLogFileName /var/log/detail.log
> PasswordLogFileName /var/log/radius.log
> ExcludeFromPasswordLog root
> </Realm>
>
> # This clause defines an authorization method that will be used
> # by any users in the database with Auth-Type="System". It will
> # match the "Identifier System"
> <AuthBy UNIX>
> Identifier System
> Filename /etc/passwd
> </AuthBy>
>
> This is a typical entry in my users file:
>
> company.com    Password = "System"
>         User-Service = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Address = 111.111.11.111,
>         Framed-Netmask = 255.255.255.255,
>         Framed-Compression = Van-Jacobsen-TCP-IP,
>         Ascend-Idle-Limit = 0
>
> I'm expecting authorization with the UNIX passwd file, if the
> user is not in the users file.
>
The above is slightly contradictory, and I am not sure what the users file
entry is meant to be doing. Is the Password entry for "company.com" really
meant to be the word "System"? or do you want to refer that authentication to
the System call as defined in the AuthBy UNIX? And what is meant by the entry
"company.com" itself? Are you expecting to deal with usernames of this form
directly?
please let me know
thanks
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
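
The lookup order William describes, and why a passwd-only lookup reports "x" as the stored password on a shadowed system, sketched as an added example that is not part of the thread and is not Radiator's code. All user names, file contents and function names below are constructed for illustration, and the hash is a placeholder rather than real crypt(3) output.

```python
# Constructed sample data, not taken from the thread. The hash is a placeholder.
USERS_FILE = {                      # users-file entries: name -> check items
    "alice": {"Password": "s3cret"},        # entry carries its own password
    "bob": {"Auth-Type": "System"},         # entry present, no password
}
PASSWD = ("bob:x:1001:1001::/home/bob:/bin/sh\n"
          "carol:x:1002:1002::/home/carol:/bin/sh\n")
SHADOW = ("bob:$1$CONSTRUCTED$placeholderhash:11100:0:99999:7:::\n"
          "carol:!:11100:0:99999:7:::\n")


def field2(text, user):
    """Return the second colon-separated field of user's line, or None."""
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) > 1 and parts[0] == user:
            return parts[1]
    return None


def system_hash(user, passwd=PASSWD, shadow=SHADOW):
    """Find the stored hash the way a shadow-aware lookup has to."""
    pw = field2(passwd, user)
    if pw is None:
        return ("no-such-user", None)
    if pw == "x":                   # placeholder: the real hash is in shadow
        pw = field2(shadow, user)
        if pw is None:
            return ("shadow-missing", None)
    if pw == "" or pw[0] in "!*":   # empty or locked field: treat as unusable
        return ("locked", None)
    return ("hash", pw)


def resolve(user):
    """Lookup order from the message: users-file password first, else system."""
    entry = USERS_FILE.get(user)
    if entry and "Password" in entry:
        return ("users-file", "password")
    return ("system", system_hash(user)[0])


if __name__ == "__main__":
    print("passwd-only lookup for bob sees:", repr(field2(PASSWD, "bob")))
    for name in ("alice", "bob", "carol", "dave"):
        print(name, resolve(name))
```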