"George C. Kaplan" <[EMAIL PROTECTED]> wrote:
> This almost works. User 'fred' can authenticate only from huntgroup
> 'huntA' and 'sam' can authenticate only from 'huntB'. User 'george'
> can authenticate from either huntgroup, but *only* with the "georgeA"
> password, even if he's coming from huntgroup 'huntB'.
Yup.
> Debug output (below) shows that both 'george' entries are found, and
> both passwords are added to the config_items. But only the first one
> is checked against the supplied password.
The solution is to *not* read both passwd files. Use the huntgroups
to select which passwd file is read. e.g.
#---
DEFAULT Huntgroup-Name == "huntA", Autz-Type = "usersA"
DEFAULT Huntgroup-Name == "huntB", Autz-Type = "usersB"
#---
And in authorize, do:
authorize {
	...
	users
	...
	Autz-Type usersA {
		usersA
	}
	Autz-Type usersB {
		usersB
	}
}
That should work. You won't be able to match the test-group, but
you will be able to select passwords by huntgroups.
The solution a month or two from now is to use the new policy module
in the CVS head, when the module is finalized.
Alan DeKok.
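
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the behaviour discussed above, contrasting reading both passwd files (only the first collected password is compared) with letting the huntgroup select the one file that is read. The dictionaries, passwords and function names are constructed for illustration, and the huntgroup restriction in the first function is an assumed simplification.

```python
import hmac

# Constructed sample data: one passwd file per huntgroup (all passwords made up).
PASSWD_FILES = {
    "usersA": {"fred": "fredpw", "george": "georgeA"},
    "usersB": {"sam": "sampw", "george": "georgeB"},
}
# Mirrors the two DEFAULT entries in the reply: Huntgroup-Name -> Autz-Type.
HUNTGROUP_TO_AUTZ = {"huntA": "usersA", "huntB": "usersB"}


def _matches(expected, supplied):
    # Constant-time comparison; a missing entry never matches.
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


def auth_read_both(user, supplied, huntgroup):
    """Model of the reported setup: both files are read, every password found
    is collected, but only the first collected one is compared."""
    section = HUNTGROUP_TO_AUTZ.get(huntgroup)
    # Assumed huntgroup restriction: user must be listed in that group's file.
    if section is None or user not in PASSWD_FILES[section]:
        return False
    collected = [f[user] for f in PASSWD_FILES.values() if user in f]
    return _matches(collected[0], supplied)


def auth_by_huntgroup(user, supplied, huntgroup):
    """Model of the suggested fix: the huntgroup selects the single file read."""
    section = HUNTGROUP_TO_AUTZ.get(huntgroup)
    if section is None:
        return False  # unknown huntgroup: no file is consulted
    return _matches(PASSWD_FILES[section].get(user), supplied)


if __name__ == "__main__":
    for fn in (auth_read_both, auth_by_huntgroup):
        for pw in ("georgeA", "georgeB"):
            print(fn.__name__, "george@huntB", pw, fn("george", pw, "huntB"))
```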