I'm having a problem with the rlm_passwd and users file. I have a
working configuration with 0.9.3 that's not working under 1.0.0 and I
don't know why. Hopefully, a second set of eyes on the list will catch
this. I'm having this problem with a default radiusd.conf (with just
the passwd blocks added,) so I don't think it's my EAP/mysql stuff
affecting this.
The passwd configuration is:
passwd wireless_group {
filename = /usr/dcs/networking/radius/etc/master-config
format = "*User-Name:~Group-Name:"
delimiter = "|"
hashsize = 100
}
which sources a file that looks like
001122334455|students|dynamic
which is the access control for our wireless networks. The
wireless_group should parse that on a AP MAC authorization request, and
add the Group-Name students to the request.
My users file has a section that looks like this:
DEFAULT Group-Name == "students", Auth-Type := Accept
Cisco-AVpair += "ssid=dcs-students",
Cisco-AVpair += "ssid=dcs-students2"
Which adds the SSIDs the user is allowed to use. This, in addition to
some Huntgroup lines I've removed for now for testing, is working fine
under 0.9.3. That similar configuration under 1.0.0 gives me this:
rad_recv: Access-Request packet from host 127.0.0.1:34747, id=179, length=64
User-Name = "00601df6e3d3"
User-Password = "password"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
rlm_passwd: Added Group-Name: 'students' to request_items
modcall[authorize]: module "wireless_group" returns ok for request 1
modcall[authorize]: module "files" returns notfound for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall: group authorize returns ok for request 1
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [00601df6e3d3/password] (from client localhost port 1)
I can see that the rlm_passwd processing is working fine, and it's
happening before files part in the authorization, but files still returns
notfound. Do I need to do something differently for 1.0.0? Thanks in
advance,
Dave
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
