Hi,
first, i had to add a line to strip something from the default realm to have it
working for those accounts.... however, when i install 2.14 with the cfg which
worked fine with 2.13, some realms don't seem to work correctly... the users
get authenticated (Trace 4 doesn't show anything weird) but somehow the
connections aren't working correctly... i think it could be something wrong
with the AddToReply's i use...
i don't want to post my complete cfg since there's too much sensitive
information in it, so i'll try to show some parts of the cfg which i think may
be the ones causing trouble... I have one default realm, which looks up users
in the mysql database and if it doesnt find them, the requests are proxied to
radiusd on a different server which uses the /etc/passwd overthere. There's
also one other realm that sets the Ascend-Data-Filter's to make sure the
accounts can only make a connections through port 25... and two other realms
which we use for seperate mysql user databases.
At the top of the cfg i have this :
RewriteUsername s/^(B.*)/$1\@bsmtp/
which means every account starting with 'B' will be converted to Baccount@bsmtp
and thus be handled by the bsmtp realm (will this still work with 2.14?).
The bsmtp realm has the following AddToReply:
AuthSelect select PASSWORD, CHECKATTR, REPLYATTR from \
SUBSCRIBERS where USERNAME='%n' and DISABLED = 0
AddToReply Ascend-Data-Filter = "ip out forward", \
Ascend-Data-Filter = "ip in forward icmp", \
Ascend-Data-Filter = "ip in forward udp", \
Ascend-Data-Filter = "ip in forward tcp est", \
Ascend-Data-Filter = "ip in forward dstip 10.1.2.3/24 tcp", \
Ascend-Data-Filter = "ip out forward tcp srcport = smtp", \
Ascend-Data-Filter = "ip out forward tcp dstport = smtp", \
Ascend-Data-Filter = "ip in forward tcp srcport = smtp", \
Ascend-Data-Filter = "ip in forward tcp dstport = smtp", \
Ascend-Data-Filter = "ip out forward tcp srcport = 110", \
Ascend-Data-Filter = "ip out forward tcp dstport = 110", \
Ascend-Data-Filter = "ip in forward tcp srcport = 110", \
Ascend-Data-Filter = "ip in forward tcp dstport = 110"
(actually i'm thinking about cleaning this up by using Filter's inside
our ascend-max but i didnt get those darn things to work like they should...
does any1 have some examples/info?)
Thanks,
Ricardo.
----------------------------------
E-Mail: Ricardo Kustner <[EMAIL PROTECTED]>
Date: 20-Jul-99
Time: 09:33:58
This message was sent by XFMail
----------------------------------
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
