On Tue, Mar 19, 2002 at 11:24:07AM -0500, Alan DeKok wrote:
> Willie Bollinger <[EMAIL PROTECTED]> wrote:
> > I have the following entries in the radius server
> >
> > DEFAULT Group == "mailtest", Auth-Type := Reject
> > Reply-Message = "Your account has been disabled.",
>
> That will disallow users who are in the Unix group named "mailtest"
That is what I want it to do, but it is actually authenticating them
>
> > And when I run it in debug using the "mailtest" user who is in group
> > mailtest it authenticates it as tho the stop check is not there
>
> Do you have the 'unix' nodule listed in the 'authorize' section?
>
> If not, then the server doesn't know anything about Unix groups.
>
This is how the config file is set up. This is running on FreeBSD
unix {
#
# Cache /etc/passwd, /etc/shadow, and /etc/group
#
# The default is to cache them.
#
# For FreeBSD, you do NOT want to enable the cache,
# as it's password lookups are done via a database.
#
# allowed values: {no, yes}
cache = no
# Reload the cache every 600 seconds (10mins). 0 to disable.
cache_reload = 600
#
# Define the locations of the normal passwd, shadow, and
# group files.
#
# 'shadow' is commented out by default, because not all
# systems have shadow passwords.
#
# To force the module to use the system password functions,
# instead of reading the files, comment out the 'passwd'
# and 'shadow' configuration entries. This is required
# for some systems, like FreeBSD.
#
#passwd = /etc/passwd
# shadow = /etc/shadow
group = /etc/group
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-------------------------------------------------------------------------------
Willie Bollinger, ABSnet Internet Service
Voice 410-361-8160 E-Mail [EMAIL PROTECTED]
http://www.abs.net
-------------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html