I am trying to set up freeradius to read a group file to allow people to use a huntgroup. If I set up the huntgroups file with User-Name = testuser it works; if I set it as Group or Group-Name = ssusers it fails.
master.passwd file is authing correctly, that is not the issue.
I have changed the order of the authorize section to have group_master before preprocess. I have removed the entire rlm_unix section; that solved the segfaulting, but it still rejects the request.
I am using version 0.9.2 on FreeBSD 4.8
Below is the group file, huntgroup file, and a pruned radiusd -X output of a request.
The interesting part.. It gets the group name, but then says no huntgroup access.
rlm_passwd: Added Group-Name: 'ssusers' to config_items
modcall[authorize]: module "group_master" returns ok for request 0
No huntgroup access: [cslye] (from client test port 0)
modcall[authorize]: module "preprocess" returns reject for request 0
modcall: group authorize returns reject for request 0
Any ideas? Thanks.. Sorry for long email, hoping to include everything first time.
Next thing I am going to try is putting all the rlm_unix stuff back and getting it to segfault again, on a --enable-developer build.
group file:
ssusers:testuser,testuser2,testuser3
huntgroup file:
slipstream Called-Station-Id =~ "1856$"
Group-Name = ssusers
Below is the debug output.
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Module: Loaded passwd
passwd: filename = "/usr/local/etc/raddb/master.group"
passwd: format = "*Group-Name:*,User-Name"
passwd: authtype = "(null)"
passwd: delimiter = ":"
passwd: ignorenislike = yes
passwd: allowmultiplekeys = no
passwd: hashsize = 100
rlm_passwd: nfields: 2 keyfield 1(User-Name) listable: yes
Module: Instantiated passwd (group_master)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
passwd: filename = "/usr/local/etc/raddb/master.passwd"
passwd: format = "*User-Name:Crypt-Password:"
passwd: authtype = "pap"
passwd: delimiter = ":"
passwd: ignorenislike = yes
passwd: allowmultiplekeys = no
passwd: hashsize = 100
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
Module: Instantiated passwd (passwd_master)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Ready to process requests.
rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:2755, id=137, length=63
User-Name = "testuser"
User-Password = "passwd"
Framed-Protocol = PPP
Called-Station-Id = "9162221856"
modcall: entering group authorize for request 0
rlm_passwd: Added Group-Name: 'ssusers' to config_items
modcall[authorize]: module "group_master" returns ok for request 0
No huntgroup access: [cslye] (from client test port 0)
modcall[authorize]: module "preprocess" returns reject for request 0
modcall: group authorize returns reject for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 137 to XXX.XXX.XXX.XXX:2755
Waking up in 4 seconds...
--- Walking the entire request list ---
