Hi all,
I'm running FreeRadius 0.5 on FreeBSD 4.2, and I'm having some trouble with
UNIX group authentication. This radius server accepts authentication
requests from various sources, and I want to be able to give particular
users access to different systems based on their UNIX group. For instance,
the cfguser group lets netadmins log into Cisco routers.
So I tried:
DEFAULT NAS-Port-Type == Virtual, Group == "cfguser", Auth-Type := System
        Service-Type = NAS-Prompt-User
but this doesn't match any users. (I match Cisco telnet logins by checking
NAS-Port-Type.)
Here's the radiusd -X output fragment:
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "admin"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
and the radiusd.conf:
[dispair:/usr/local/etc/raddb]# diff radiusd.conf.sample radiusd.conf
100c100
< group = root
---
> group = wheel
468c468
< cache = yes
---
> cache = no
485c485
< passwd = /etc/passwd
---
> #passwd = /etc/passwd
the /etc/group file entry:
cfguser:*:100:admin,lester
Is this the right way to do group authentication? Any pointers appreciated.
Thanks,
Lester
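
Added example, not part of the original post: a small parser for the radiusd -X fragment above that lists each module's return code beside the final reject reason, showing that the authorize section can return "ok" while "files" (the module that reads the users file) found no entry. The function names are this example's own, the sample lines are copied from the post, and treating only "ok"/"updated" as a match is an assumption.

```python
import re

# Debug lines copied from the radiusd -X fragment in the post.
SAMPLE = '''\
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "admin"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
'''

MODULE_RE = re.compile(r'^modcall\[(\w+)\]: module "([^"]+)" returns (\w+)$')
GROUP_RE = re.compile(r'^modcall: group (\w+) returns (\w+)$')
USER_RE = re.compile(r'User-Name = "([^"]*)"')

def summarize(debug_text):
    """Collect module results, section results, user name and auth messages."""
    out = {"user": None, "modules": [], "sections": {}, "auth": []}
    for line in debug_text.splitlines():
        line = line.strip()
        m = MODULE_RE.match(line)
        if m:
            out["modules"].append(m.groups())  # (section, module, code)
            continue
        m = GROUP_RE.match(line)
        if m:
            out["sections"][m.group(1)] = m.group(2)
            continue
        m = USER_RE.search(line)
        if m and out["user"] is None:
            out["user"] = m.group(1)
        if line.startswith("auth: "):
            out["auth"].append(line[len("auth: "):])
    return out

def users_file_matched(summary):
    """Assumption: only "ok"/"updated" from "files" means an entry matched."""
    return any(sec == "authorize" and mod == "files" and code in ("ok", "updated")
               for sec, mod, code in summary["modules"])

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["user"], s["modules"], s["sections"], s["auth"], sep="\n")
    print("users file entry matched:", users_file_matched(s))
```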