Hello Dean -

On Mon, 10 Jan 2000, Dean Brandt wrote:
> Hi Hugh,
> 
>       Thanks for the tip...I now have this:
> 
> <Realm DEFAULT>
>         <AuthBy GROUP>
>         AuthByPolicy ContinueUntilReject
> 
>                 <AuthBy FILE>
>                 # The filename defaults to %D/users
>                 </AuthBy>
> 
>                 # Log accounting to the detail file in LogDir
>                 AcctLogFileName %L/detail
> 
>                 <AuthBy UNIX>
>                 Identifier System
>                 Filename /etc/shadow
>                 </AuthBy>
>         </AuthBy>
> 
> </Realm>
> 
>       But it still fails.
> 

The AuthBy GROUP in this context is not necessary, and your AuthByPolicy will
Reject if the user is not in the %D/users file. Try this:

<Realm DEFAULT>
        AuthByPolicy ContinueUntilAccept

        <AuthBy FILE>
                # The filename defaults to %D/users
        </AuthBy>

        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail

        <AuthBy UNIX>
                Filename /etc/shadow
        </AuthBy>
</Realm>

Just for reference, this could also be written as follows:

# construct an AuthBy GROUP with Identifier AuthByGroup

<AuthBy GROUP>
        Identifier AuthByGroup
        AuthByPolicy ContinueUntilAccept

        <AuthBy FILE>
                # The filename defaults to %D/users
        </AuthBy>

        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail

        <AuthBy UNIX>
                Filename /etc/shadow
        </AuthBy>
</AuthBy>

# configure the Realm DEFAULT to refer to the AuthBy GROUP

<Realm DEFAULT>
        AuthBy AuthByGroup
</Realm>


This type of configuration is usually used when there are multiple clauses that
refer to the same set of AuthBy's.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
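
The chaining behaviour discussed in this thread, as an added example that is not part of the original message and is not Radiator code: a simplified Python model of how an AuthByPolicy decides whether the next AuthBy is tried. The user tables, the function names and the assumption that an unknown user yields REJECT are constructed for illustration.

```python
import hmac

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> predicate: try the next AuthBy while this returns True.
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilIgnore": lambda r: r != IGNORE,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
    "ContinueWhileReject": lambda r: r == REJECT,
    "ContinueUntilReject": lambda r: r != REJECT,
}

def make_store(name, users):
    """Constructed stand-in for one AuthBy clause backed by a user table."""
    def check(user, password):
        if user not in users:
            return REJECT  # assumption: unknown user is rejected, not ignored
        ok = hmac.compare_digest(users[user], password)
        return ACCEPT if ok else REJECT
    check.__name__ = name
    return check

def authenticate(policy, chain, user, password):
    """Run the chain under a policy; the last AuthBy tried decides the result."""
    keep_going = POLICIES[policy]
    result, trace = IGNORE, []
    for authby in chain:
        result = authby(user, password)
        trace.append((authby.__name__, result))
        if not keep_going(result):
            break
    return result, trace

# Constructed sample data: "dean" exists only in the second store,
# "alice" exists in both with different passwords.
FILE = make_store("FILE", {"alice": "file-pw"})
UNIX = make_store("UNIX", {"dean": "shadow-pw", "alice": "unix-pw"})
CHAIN = [FILE, UNIX]

if __name__ == "__main__":
    for policy in ("ContinueUntilReject", "ContinueUntilAccept"):
        print(policy, authenticate(policy, CHAIN, "dean", "shadow-pw"))
    # Caveat: under ContinueUntilAccept either of alice's passwords works.
    print(authenticate("ContinueUntilAccept", CHAIN, "alice", "unix-pw"))
```

The trace shows which back end produced the final decision, which is worth logging when several credential stores are chained under ContinueUntilAccept.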
