Hello Dean -
On Mon, 10 Jan 2000, Dean Brandt wrote:
> Hi Hugh,
>
> Thanks for the tip...I now have this:
>
> <Realm DEFAULT>
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilReject
>
> <AuthBy FILE>
> # The filename defaults to %D/users
> </AuthBy>
>
> # Log accounting to the detail file in LogDir
> AcctLogFileName %L/detail
>
> <AuthBy UNIX>
> Identifier System
> Filename /etc/shadow
> </AuthBy>
> </AuthBy>
>
> </Realm>
>
> But it still fails.
>
The AuthBy GROUP in this context is not neccessary, and your AuthByPolicy will
Reject if the user is not in the %D/users file. Try this:
<Realm DEFAULT>
AuthByPolicy ContinueUntilAccept
<AuthBy FILE>
# The filename defaults to %D/users
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
<AuthBy UNIX>
Filename /etc/shadow
</AuthBy>
</Realm>
Just for reference, this could also be written as follows:
# construct an AuthBy GROUP with Identifier AuthByGroup
<AuthBy GROUP>
Identifier AuthByGroup
AuthByPolicy ContinueUntilReject
<AuthBy FILE>
# The filename defaults to %D/users
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
<AuthBy UNIX>
Filename /etc/shadow
</AuthBy>
</AuthBy>
# configure the Realm DEFAULT to refer to the AuthBy GROUP
<Realm DEFAULT>
AuthBy AuthByGroup
</Realm>
This type of configuration is usually used when there are multiple clauses that
refer to the same set of AuthBy's.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
