On Feb 2, 2004, at 08:49, Alan DeKok wrote:
Doug Hardie <[EMAIL PROTECTED]> wrote:I am trying to setup a users file using prefix and suffix and can't seem to get it to recognize them.
Because the Prefix & Suffix attributes are generally intended for use in the "hints" file, not the "users" file.
I have made the hints file completely empty. Prefix and Suffix only appear in the users file.
Ok, so you took an example configuration of the server which worked, and changed it... why?
Why are you expecting that entries in the "users" file behave the same
as entries in the "hints" file?
I have tried commenting out anything dealing with prefix or suffix in the radiusd.conf file which didn't seem to change anything.
I don't see why you would think that would make any difference. Any references in "radiusd.conf" to "prefix" or "suffix" have DOCUMENTATION in the comments, which describe what they're for. If you're commenting out things randomly without reading the documentation, of course you're confused.
Stop trying to break the server. It comes with a working configuration.
Thank you for the thoughtful insight and assistance in getting it working. I would like to point out that the default cofiguration did not work at all for me. I could not distinguish the basic groups I needed. After many hours of trial and error I finally figured out how hints are actually implemented. Neither the O'Reilly book or the man pages/docs provided that key understanding unfortunately. For those who might be facing a similar situation, here is what I found that works:
Hints file:
DEFAULT Prefix = "DUB+", Strip-User-Name = Yes
Hint = "SlipStream"DEFAULT Prefix = "dub+", Strip-User-Name = Yes
Hint = "SlipStream"DEFAULT Suffix = "@lafn", Strip-User-Name = Yes
Hint = "Extended"DEFAULT Suffix = "@lafn.org", Strip-User-Name = Yes
Hint = "Extended"User file:
DEFAULT HINT == "SlipStream", Auth-Type := System
Exec-Program-Wait = "/etc/raddb/local %u %n S %{Called-Station-Id}",
Idle-Timeout = 900
DEFAULT HINT == "Extended", Auth-Type := System
Exec-Program-Wait = "/etc/raddb/local %u %n E %{Called-Station-Id}",
Idle-Timeout = 900
DEFAULT Auth-Type := System
Exec-Program-Wait = "/etc/raddb/local %u %n R %{Called-Station-Id}",
Idle-Timeout = 900
Notes: The Strip-User-Name is required in the hints file for radiusd to use only the user id for authentication. Without it, it tries to authenticate the name with the prefix or suffix. Putting the Strip-User-Name in the users file (works for Cistron) results in it not matching the default entry. However, the full name with prefix and suffix is passed to the exec-program so it has to strip them off internally. If you set the radiusd.conf lower_user to before then you need to have the prefix and suffix in lowercase in the users file. I probably don't need the entry with the prefix in caps as I don't think it can ever be found.
The directory entries at the top of radiusd.conf can be changed and radiusd does properly use them. However, the support apps don't read the conf file but have that information incorporated at compile time. Hence, you need to use the configure parameters to set them. The descriptions for them are a bit misleading as to which things are actually changed by the entries. I used a trial and error approach of changing the configure parameters, compiling and then checking the radiusd.conf entries that resulted to get what I needed. The entry for the pid file is not alterable via configure. I presume that only radiusd uses that so such would not be necessary.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
