Have gotten freeradius installed configured and working about 99% fine
but I have noticed one little glitch that I cannot figure out how to
resolve.  I have the system set up to authenticate via pam, no problems
there; and I have the system set up so that it will accept either
"username" or "[EMAIL PROTECTED]" as the same local user (users are
not really supposed to log in with the @mydomain.com... but inevitably
there are those that can't read the setup instructions and so we save
ourselves a few hours of tech-support time here :-), again no problem
logging in with either flavor.  The problem occurs in that in a couple
of places in the users file I have specified default entries based on
group, for example... 

DEFAULT             Group == "nologin", Auth-Type := Reject
                Reply-Message = "Your account has been disabled."

DEFAULT         Group == "staff", Simultaneous-Use := 4
                Idle-Timeout = 0,
                Session-Timeout = 0,
                Fall-Through = 1

If I log in with the "username" flavor everything works properly and I
am either denied access, or assigned the proper attributes as defined
above.  BUT if I try to log in as "[EMAIL PROTECTED]" the group
lines are ignored and for example if my group is nologin I am still
allowed to log in, and if my group is staff I am not assigned these
special attributes, but rather get the default login attributes as
specified further down in the file.  Locking the accounts and/or
specifying account expiry dates still works as expected regardless of
the flavor of login, it's just the group stuff that seems to be getting
ignored when @mydomain.com is used.

Anybody have any suggestions?  The behavior should be the same in both
cases I would assume since both are defined as LOCAL in proxy.conf

realm mydomain.com {
        type            = radius
        authhost        = LOCAL
        accthost        = LOCAL
}

realm NULL {
        type            = radius
        authhost        = LOCAL
        accthost        = LOCAL
}

Thanks in advance!

Cheers,
>>>>> Mike <<<<<


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to