I'm running BSDI 4 and Radiator 2.12.1.
All I want for Christmas is not my two front teeth but the following to work:
1) we will eventually be using a realm (wingnet.net) to authenticate some
users
2) most of our users will not be logging in with a realm and will need to be
authenticated against a realm
3) we authenticate off the BSDI passwd file
4) but we use the Radius 'users' file to keep expiration, simultaneous-use,
and other information on our customers
I have tried multiple <Realm> statements in the radius.cfg file according
to the docs but I cannot get radpwtst to authenticate a user off the
passwd file.
I've even pared down the 'users' file so that it only contains an entry like
so:
DEFAULT Auth-Type = System
Framed-Protocol = PPP,
Framed-IP-Netmask = 255.255.255.255
username Auth-Type = System
But I cannot get the username to authenticate at all. The only way I can
get it to authenticate is to put the password in the 'users' file.
Here's a look at the radius.cfg file:
LogDir /var/log/radius
DbDir /usr/local/Radiator/raddb
LogFile %L/detail
DictionaryFile %D/dictionary
<Client localhost>
Secret secret #which I have changed in radpwtst to match what
#I have here
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy FILE>
</AuthBy>
</Realm>
<Realm dummyrealmforholdingauthbyunix>
<AuthBy UNIX>
Identifier System
</AutyBy>
</Realm>
Pretty simple, and should work as best as I understand the docs, but it
isn't working.
I have been running radiusd on a separate port so my users don't run
into trouble getting authenticated while I'm testing this. So here's what I
send on radpwtst:
./radpwtst -status -trace -acct_port 1701 auth_port 1700 -user username -
password password
The results of the trace simply say
sending Access-Request
Rejected
Code: Access-Reject
...
However, if I enable one of the default entries in the 'users' file (like the
'mikem' entry that has the password IN the 'users' file) then that gets
authenticated. Or if I put username's password in the 'users' file, then
'username' will be authenticated. It's simply not authenticating against the
BSDI passwd file for some reason.
Help? Ideas? Sample configs working for someone else?
Thanks
Craig Thompson
----------------------------------------------------------------------
WingNET Internet Services,
P.O. Box 3000 // Cleveland, TN 37320-3000
423-559-LINK (v) 423-559-5444 (f)
http://www.wingnet.net
----------------------------------------------------------------------
I'm not old, I'm chronologically gifted.
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.