Have gotten freeradius installed configured and working about 99% fine
but I have noticed one little glitch that I cannot figure out how to
resolve. I have the system set up to authenticate via pam, no problems
there; and I have the system set up so that it will accept either
"username" or "[EMAIL PROTECTED]" as the same local user (users are
not really supposed to log in with the @mydomain.com... but inevitably
there are those that can't read the setup instructions and so we save
ourselves a few hours of tech-support time here :-), again no problem
logging in with either flavor. The problem occurs in that in a couple
of places in the users file I have specified default entries based on
group, for example...
DEFAULT Group == "nologin", Auth-Type := Reject
Reply-Message = "Your account has been disabled."
DEFAULT Group == "staff", Simultaneous-Use := 4
Idle-Timeout = 0,
Session-Timeout = 0,
Fall-Through = 1
If I log in with the "username" flavor everything works properly and I
am either denied access, or assigned the proper attributes as defined
above. BUT if I try to log in as "[EMAIL PROTECTED]" the group
lines are ignored and for example if my group is nologin I am still
allowed to log in, and if my group is staff I am not assigned these
special attributes, but rather get the default login attributes as
specified further down in the file. Locking the accounts and/or
specifying account expiry dates still works as expected regardless of
the flavor of login, it's just the group stuff that seems to be getting
ignored when @mydomain.com is used.
Anybody have any suggestions? The behavior should be the same in both
cases I would assume since both are defined as LOCAL in proxy.conf
realm mydomain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm NULL {
type = radius
authhost = LOCAL
accthost = LOCAL
}
Thanks in advance!
Cheers,
>>>>> Mike <<<<<
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
