I have a similar problem. I am trying group-based authentication.

in radius.conf:

passwd raddb_userlist {
  filename = /etc/raddb/userlist
  format = "*User-Name:User-Password:Group-Name"
  authtype = MS-CHAP
  hashsize = 1000
  ignorenislike = no
  allowmultiplekeys = no
}

in /etc/raddb/userlist:

mmike:mike:fast

users file (with line numbers):

185:DEFAULT Group-Name == "slow", Pool-Name := "ippool-1-slow"
186:    Fall-Through = Yes
187:
188:DEFAULT Group-Name == "fast", Pool-Name := "ippool-1-fast"
189:    Fall-Through = Yes
190:
191:DEFAULT     Service-Type == Framed-User
192:    Framed-MTU = 1500,
193:    Service-Type = Framed-User,
194:    Fall-Through = Yes


Now I run radiusd:
# radiusd -xx

...
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group-Name: fast      <---- Group-Name attribute added with value "fast"
rlm_passwd: Adding Auth-Type: MS-CHAP
....
    users: Matched DEFAULT at 191
  modcall[authorize]: module "files" returns ok
...

MATCH found at line 191 only. Hm.. what about line 188?!!!

I tried using the "Group" attribute instead of "Group-Name". The result is the same.

It's like a bug?


> I have installed freeradius 0.7.1 on slackware 8.0 with shadow passwords.
> Installation was ok and basic functions are working.
> I have experienced problems when I try to deny access to one of the groups
> on the radius server.
> The following instructions did not help.
> I tried:
> DEFAULT Group == "users" , Auth-Type :=Reject
> DEFAULT Group == users , Auth-Type :=Reject
> DEFAULT Group == "users" , Auth-Type =Reject
> DEFAULT Group == users , Auth-Type =Reject
> And more before:
> DEFAULT  Auth-Type := System
> but nothing works.
> User marcin, group users, was always able to authenticate.
> This is a debug of the auth process:
> 
> rad_recv: Access-Request packet from host 216.168.1.38:4751, id=131, length=81
>         NAS-IP-Address = 216.168.1.38
>         Calling-Station-Id = "204.251.93.250"
>         User-Name = "marcin?X0040;hostplus.net"
>         User-Password = "\274\252\2162\275\rS+\305F.\240\007Ia"
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>     rlm_realm: Looking up realm hostplus.net for User-Name = "marcin?X0040;hostplus.net"
>     rlm_realm: Found realm hostplus.net
>     rlm_realm: Adding Stripped-User-Name = "marcin"
>   rlm_realm: Proxying request from user marcin to realm hostplus.net
>     rlm_realm: Adding Realm = "hostplus.net"
> rlm_realm:  Authentication realm is LOCAL.
> rlm_realm:  auth_port is not set.  proxy cancelled
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched DEFAULT at 6
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
>   modcall[authenticate]: module "unix" returns ok
> modcall: group authenticate returns ok
> Login OK: [marcin?X0040;hostplus.net] (from client supernews port 0 cli 204.251.93.250)
> Sending Access-Accept of id 131 to 216.168.1.38:4751
> Finished request 4
> Going to the next request
> 
> And one more thing.
> Will I be able to limit access based on
> Called-Station-id?
> If so, what would be the process to set this up?
> 
> 
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
