Hi,

I am using a passwd module to authorize users. First the passwd module checks the cisco_users file (format = "*User-Name:Cleartext-Password") and then the passwd module must check the cisco_groups file (format = "~Cisco-Group:*,User-Name"). However, when the passwd module checks the cisco_user file, it returns status "ok" even when the user password (in the request packet) doesn't match the cisco_user file. So I am able to distinguish users only by their User-Name, but I need to check their passwords as well. I cannot figure out how to write that in my authorize section. Later, if the username and password match an entry in my cisco_user file, I will call the cisco_group file and find which group that user belongs to, in order to assign the right services.

Currently my code looks like this:

passwd cisco_user_module {
       #filename = /etc/group
       filename = /usr/local/etc/raddb/cisco_users
       #format = "=Etc-Group-Name:::*,User-Name"
       format = "*User-Name:Cleartext-Password"
       hashsize = 100
       ignorenislike = yes
       allowmultiplekeys = yes
       delimiter = ":"
}

authorize {
       cisco_user_module
       if (notfound) {
               update control {
                       Auth-Type := Reject
               }
               update reply {
                       Reply-Message := "Access denied, sorry!"
               }
       }
       # unlang spells this keyword "elsif"
       elsif (ok) {
               cisco_group_module
       }
}

I hope you guys can help me; I will appreciate it ;)
Thanks.
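
Added example, not part of the original post and not the FreeRADIUS project's shipped configuration: one way to get the password checked, given that the passwd module only performs a lookup by User-Name. It assumes the request carries a PAP User-Password and that the stock `pap` module is enabled; `cisco_user_module` and `cisco_group_module` are the instance names from the post.

```unlang
authorize {
        # Lookup only: on a User-Name match the passwd module copies the
        # second field of the file into control:Cleartext-Password and
        # returns "ok". It does not compare it with the request's
        # User-Password, which is why "ok" is seen for any password.
        cisco_user_module
        if (notfound) {
                update control {
                        Auth-Type := Reject
                }
                update reply {
                        Reply-Message := "Access denied, sorry!"
                }
        }
        elsif (ok) {
                # Group lookup; the accept/reject decision is still made
                # later, in the authenticate section.
                cisco_group_module

                # Assumption: stock pap module. In authorize it only sets
                # Auth-Type := PAP when the request has a User-Password.
                pap
        }
}

authenticate {
        # The password comparison happens here: pap checks the request's
        # User-Password against control:Cleartext-Password and rejects
        # the request on a mismatch.
        Auth-Type PAP {
                pap
        }
}
```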

