Re: (RADIATOR) using the Group check item

Wed, 1 Sep 1999 17:59:38 -0700 


Hello Anand -

On Wed, 01 Sep 1999, Anand Buddhdev wrote:
> I've been testing Radiator 2.13.1. My platform is Solaris 7. I am using
> the following raddb/users file, with 2 entries:
> 
> DEFAULT Auth-Type = "UNIX", Group = email
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.128,
>         Framed-Routing = None,
>         Filter-Id = emailonly,
>         Framed-Compression = Van-Jacobsen-TCP-IP,
>         Framed-MTU = 1500
> 
> DEFAULT Auth-Type = "UNIX"
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.128,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobsen-TCP-IP,
> 
> And then in my radius.cfg, I have the following for authentication by
> unix (the group filename is the default /etc/group):
> 
> ....
> <<AuthBy UNIX>
>         Identifier UNIX
>         Filename /etc/shadow    
> </AuthBy>
> ....
> 
> My idea is that if a user is a member of the unix group "email", then
> they are authenticated by the first DEFAULT paragraph, and get a filter
> which restricts them to email only. If not, then they get the paragraph,
> and have no filters set for them. This makes it very easy for us to
> manage our users, simply by making them members (or not) or certain
> groups. However, I now have a problem: If a user has the primary group
> "email", radiator does not use it, and auths them with the second entry.
> However, if I now put the username into the /etc/group file with group
> "email", it works OK. This becomes a problem because I have more than
> 1000 users, and the entries in the /etc/group file are limited to a
> certain length. Is this a failing in Radiator, or am I doing something
> wrong?

You aren't doing anything wrong - Section 13.1 of the Radiator 2.14.1 reference
manual explicitly states that the Group check item will check the UNIX
/etc/group file. I think you will have to do something different - possibly
have two separate users files corresponding to your two groups.

hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to