Hello everyone -
Below is my current setup after making recommended changes.
What I want to happen is the following:

    if the user is in the users file
        then if the entry has a password
            then use it for authentication
            else use UNIX (/etc/shadow)
        else use UNIX (/etc/shadow)
Thanks in advance.
whr
Start Cut here for radius.cfg
------------------------------------------------------------------------
# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator, It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $
LogStdout
Trace 4
PidFile /tmp/radiusd.pid
AuthPort 1812
AcctPort 1813
LogDir /var/log/radacct
DbDir /etc/raddb
LogFile /var/log/radius.log
DbDir /etc/raddb
LogFile /var/log/radius.log
DictionaryFile /etc/raddb/dictionary.ascend2
FingerProg /usr/bin/finger
SnmpgetProg /usr/bin/snmpget
RewriteUsername tr/[A-Z]/[a-z]/
# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.
<Client localhost>
Secret mysecret
</Client>
<Client DEFAULT>
Secret mysecret
DupInterval 0
FramedGroupBaseAddress 10.0.0.1
FramedGroupBaseAddress 10.0.1.1
FramedGroupBaseAddress 10.0.2.1
FramedGroupMaxPortsPerClassC 20
</Client>
# This clause means we will handle any realm that arrives
<Realm DEFAULT>
AuthByPolicy ContinueUntilAccept
AuthBy Check-FILE
AuthBy System
# Log accounting to the detail file in LogDir
AcctLogFileName /var/log/detail.log
PasswordLogFileName /var/log/radius.log
ExcludeFromPasswordLog root
</Realm>
# This clause defines an AuthBy FILE with Identifier Check-FILE
<AuthBy FILE>
Identifier Check-FILE
Filename /etc/raddb/users
</AuthBy>
# This clause defines an authorization method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"
<AuthBy UNIX>
Identifier System
Filename /etc/shadow
</AuthBy>
------------------------------------------------------------------------
End Cut here for radius.cfg
Start Cut here for users
------------------------------------------------------------------------
company1.com Auth-Type = "System"
    Service-Type = Framed-User,
    Framed-Protocol = MP,
    Framed-IP-Address = 208.249.79.226,
    Framed-IP-Netmask = 255.255.255.255,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Ascend-Maximum-Channels = 2,
    NAS-Port-Type = ISDN-Sync,
    Ascend-Route-IP=Route-IP-Yes,
    Ascend-Idle-Limit = 0
company2.com Auth-Type = "System"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 208.249.79.227,
    Framed-IP-Netmask = 255.255.255.255,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Ascend-Idle-Limit = 0
DEFAULT Hint="LOCAL", Auth-Type = "System", Simultaneous-Use = 1
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Netmask = 255.255.255.255,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Ascend-Idle-Limit = 900
DEFAULT Auth-Type = "System", Simultaneous-Use = 1
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Netmask = 255.255.255.255,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Ascend-Idle-Limit = 900
------------------------------------------------------------------------
End Cut here for users
Messages at startup:
Fri May 26 09:06:33 2000: WARNING: Could not find an <AuthBy> clause with Identifier for AuthBy Check-FILE
Fri May 26 09:06:33 2000: WARNING: Could not find an <AuthBy> clause with Identifier for AuthBy System
Fri May 26 09:06:33 2000: DEBUG: Reading users file /etc/raddb/users
Fri May 26 09:06:33 2000: DEBUG: Reading group file /etc/group
Starting radiusd
www:/etc/raddb# Fri May 26 09:06:33 2000: INFO: Server started: Radiator 2.15
A password check gives me the following for user "whr" (this
user is not in the users file and should be authenticated against
/etc/shadow):
Fri May 26 09:24:07 2000: DEBUG: Rewrote user name to whr
Fri May 26 09:24:07 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri May 26 09:24:07 2000: DEBUG: Deleting session for whr, 203.63.154.1, 1234
Fri May 26 09:24:07 2000: INFO: Access rejected for whr:
Fri May 26 09:24:07 2000: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1324 ....
Code: Access-Reject
Identifier: 217
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Rejected
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply
===
Archive at http://www.starport.net/~radiator/
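
A config check for the two startup warnings in the message above, as an added example that is not part of the original post or of Radiator: it reports each `AuthBy <name>` reference in a Realm or Handler that has no matching `Identifier`, or whose `<AuthBy>` clause only appears later in the file, as it does in the posted radius.cfg. That clause order is what triggers the warning is an assumption drawn from the posted config and log; `check_authby_refs` and `SAMPLE_CFG` are hypothetical names.

```python
import re

# Constructed sample: same clause order as the posted radius.cfg, trimmed.
SAMPLE_CFG = """\
<Realm DEFAULT>
AuthByPolicy ContinueUntilAccept
AuthBy Check-FILE
AuthBy System
</Realm>
<AuthBy FILE>
Identifier Check-FILE
</AuthBy>
<AuthBy UNIX>
Identifier System
</AuthBy>
"""

def check_authby_refs(cfg_text):
    """Return (line, identifier, problem) for each AuthBy reference that is
    'undefined' or 'defined-later' (its clause appears after the reference)."""
    defined, refs, stack = {}, [], []  # Identifier->line, references, open clauses
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)", line)
        if tag:  # <Clause ...> opens a clause, </Clause> closes it
            if not tag.group(1):
                stack.append(tag.group(2))
            elif stack:
                stack.pop()
            continue
        keyword, arg = (line.split(None, 1) + [""])[:2]
        inside = stack[-1] if stack else None
        if keyword == "Identifier" and inside == "AuthBy":
            defined.setdefault(arg.strip(), lineno)
        elif keyword == "AuthBy" and inside in ("Realm", "Handler", "AuthBy"):
            refs.append((lineno, arg.strip()))
    problems = []
    for lineno, name in refs:
        if name not in defined:
            problems.append((lineno, name, "undefined"))
        elif defined[name] > lineno:  # assumption: order matters to the server
            problems.append((lineno, name, "defined-later"))
    return problems

if __name__ == "__main__":
    for lineno, name, problem in check_authby_refs(SAMPLE_CFG):
        print(f"line {lineno}: AuthBy {name}: {problem}")
```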