Re: Group Attribute on an Ascend TNT

Tue, 19 Mar 2002 08:09:53 -0800 

I have the following entries in the radius server

DEFAULT        Group == "mailtest", Auth-Type := Reject 
               Reply-Message = "Your account has been disabled.",

DEFAULT         Auth-Type := System
                Fall-Through = 1


And when I run it in debug using the "mailtest" user who is in group
mailtest it authenticates it as tho the stop check is not there

rad_recv: Access-Request packet from host 207.114.1.248:1796, id=2, length=103
        User-Name = "mailtest"
        User-Password = "Oz\234\210\356"
        NAS-IP-Address = 207.114.1.248
        NAS-Port = 7190
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        State = 0x
        Called-Station-Id = "4239193"
        Acct-Session-Id = "385073652"
        X-Ascend-Data-Rate = 26400
        X-Ascend-Xmit-Rate = 42667
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
    users: Matched DEFAULT at 156
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Login OK: [mailtest] (from nas UNKNOWN-NAS port 7190)
Sending Access-Accept of id 2 to 207.114.1.248:1796
Finished request 0
Going to the next request
--- Walking the entire request list ---


On Tue, Mar 19, 2002 at 11:09:07AM -0500, Alan DeKok wrote:
> Willie Bollinger <[EMAIL PROTECTED]> wrote:
> > I am running version 0.5 and am trying to set it up using the group settings
> > in radius to disallow access from a certain unix group of hosts. When I add
> > the group setting to radius to disallow users from group "mailbox" from 
> > authenticating. All of a sudden the MaxTNT starts denying all connections. 
> 
>   Did the server start rejecting the requests?  Did you run it in
> debugging mode?
> 
> > It seems as tho the TNT does not like seeing that group attribute at
> > all.
> 
>   No.  The group attribute is never sent over the wire.
> 
>   Run the server in debugging mode, like it says in the README and in
> the FAQ.
> 
>   Alan DeKok.
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
-------------------------------------------------------------------------------
Willie Bollinger, ABSnet Internet Service
Voice 410-361-8160  E-Mail [EMAIL PROTECTED]
http://www.abs.net
-------------------------------------------------------------------------------

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to