I am trying to setup User and user group authentication with our Pix. I
have been experimenting with various methods, including Auth-Type := Local
and SQL authentication.
To help with my decision, I need to test group Attributes in the
raddb/users file. I have tried the following methods but always receive an
error:
"auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate user."
Methods I have tried.
the following works fine to simple authenticate my user and send an ACL:
twebster Auth-Type := Local, Password == "password"
Cisco-AVPair += "ip:inacl#1=permit ip 192.168.0.0 255.255.255.0
192.168.2.0 255.255.255.0"
the following fails with the above error message:
twebster Auth-Type := Local, Password == "password", User-Category
= "mycategory"
mycategory
Cisco-AVPair += "ip:inacl#1=permit ip 192.168.0.0 255.255.255.0
192.168.2.0 255.255.255.0"
the following also fails
twebster Auth-Type := Local, Password == "password", User-Category
= "mycategory"
mycategory Auth-Type := Local
Cisco-AVPair += "ip:inacl#1=permit ip 192.168.0.0 255.255.255.0
192.168.2.0 255.255.255.0"
as well as the following fails,
twebster Auth-Type := Local, Password == "password", Group
= "mygroup"
mygroup
Cisco-AVPair += "ip:inacl#1=permit ip 192.168.0.0 255.255.255.0
192.168.2.0 255.255.255.0"
questions:
1. Any have this working or can suggest other trials?
2. Are there other methods of useing groups?
3. How can I use encrypted passwords instead of clear text in the
users file?
thanks
Tony
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
