On Wed, 19 Jan 2000, Paul Thornton wrote:
> Hi,
>
> I am still experiencing a dilemma with a check item problem (which is not
> the check item itself as you will see from the Debug output). What is
> happening is that the user "foobar" is being rejected due to a Caller-ID
> failure (which is what we want) and then being accepted by the DEFAULT
> option above the foobar entry in the user file. (I am assuming)
>
> I can see where it is being rejected but then for some reason it wants to
> continue on and verify them using AuthUnix. I can guarantee that this user
> foobar is AFTER the DEFAULT entry in the users file, even though it comes
> up looking for this entry. (I have been told (by Mike) that the order is
> not important anyway, but do have it in this order)
>
The order in the users file is not important, because Radiator will *always*
check for DEFAULT *after* anything else. So what you are seeing is completely
normal behaviour. What I suggest is that you create two users files, one with
ordinary users and the other with just your DEFAULTS, then use an AuthByPolicy
to check both files. If the first one Rejects, the other won't be checked.
Here is something to start with:

# configuration for Paul Thornton - Dove
AuthPort 1645
AcctPort 1646
# Trace 4
BindAddress x.x.x.x
LogDir /usr1/log/radius
# LogStdout
DbDir /usr/local/etc/raddb
DictionaryFile /usr/local/etc/raddb/dictionary

<Client xxx.xx.xx.x>
    Secret xxxxxx
    DupInterval 180
</Client>

<AuthBy UNIX>
    Identifier System
    Filename /etc/master.passwd
</AuthBy>

# note the AcctLogFileFormat is messed up
<Realm DEFAULT>
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/
    AcctLogFileName %L/detail
    AcctLogFileFormat
%{NAS-Port}|%U|%C|%a|dove|PPP|%{Acct-Status-Type}|%t|%
{Acct-Session-Id}|%{Acct-Terminate-Cause}|%{Acct-Output-Octets}|%{Calling-Statio
n-Id}|%{USR-Connect-Speed}
    PasswordLogFileName %L/logfile
    AuthByPolicy ContinueWhileIgnore
    <AuthBy FILE>
        Filename /usr/local/etc/raddb/users
    </AuthBy>
    <AuthBy FILE>
        Filename /usr/local/etc/raddb/default-users
    </AuthBy>
</Realm>

Then in your users file you would have your normal users:
# file /usr/local/etc/raddb/users
foobar  Auth-Type = System, Calling-Station-Id = "1111"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-MTU = 1500,
        Framed-IP-Address = 1.2.3.4
....
And in your default-users file you would have your DEFAULTs:
# file /usr/local/etc/raddb/default-users
DEFAULT Auth-Type = System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-MTU = 1500,
        Reply-Message = "Welcome to DOVE Australia"
....
This way, if a user is Rejected in the first file, they will be Rejected. If
the user is not found in the first file, the second file will be checked.
hth
Hugh
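
The evaluation order described in the reply above, as a small Python model added here for illustration; it is not Radiator code and not part of the original message. It assumes that a user missing from a file yields IGNORE and that the Auth-Type = System password check succeeds; the entries and requests are constructed samples.

```python
# Simplified model of the behaviour described in the message (not Radiator source).
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"


def auth_file(entries, request):
    """Model one <AuthBy FILE>: the named user is tried first, DEFAULT always last."""
    result = IGNORE  # assumption: no matching entry at all -> IGNORE
    for name in (request["User-Name"], "DEFAULT"):
        checks = entries.get(name)
        if checks is None:
            continue
        if all(request.get(attr) == value for attr, value in checks.items()):
            return ACCEPT  # password check via Auth-Type = System assumed to pass
        result = REJECT    # entry found, but a check item did not match
    return result


def continue_while_ignore(auth_bys, request):
    """Model AuthByPolicy ContinueWhileIgnore: stop at the first non-IGNORE result."""
    result = IGNORE
    for entries in auth_bys:
        result = auth_file(entries, request)
        if result != IGNORE:
            break
    return result


# Constructed sample data: check items only, reply items omitted.
single_file = {"foobar": {"Calling-Station-Id": "1111"}, "DEFAULT": {}}
users = {"foobar": {"Calling-Station-Id": "1111"}}
default_users = {"DEFAULT": {}}

wrong_caller = {"User-Name": "foobar", "Calling-Station-Id": "2222"}
right_caller = {"User-Name": "foobar", "Calling-Station-Id": "1111"}
other_user = {"User-Name": "alice", "Calling-Station-Id": "2222"}

if __name__ == "__main__":
    # One file: the Caller-ID failure falls through to DEFAULT and is accepted.
    print("single file, wrong caller:", auth_file(single_file, wrong_caller))
    # Two files: the Reject from the first file ends the chain.
    for label, req in (("wrong caller", wrong_caller),
                       ("right caller", right_caller),
                       ("unlisted user", other_user)):
        print("split files,", label + ":",
              continue_while_ignore([users, default_users], req))
```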