Hello Dawn -
On Fri, 28 Jan 2000, Dawn Lovell wrote:
>
> We're having some problems with the Class attribute being set improperly
> when using the Group= check item. What we're trying to do is have a set
> of trial userids log to a different detail file than the non-trial users.
> We've put all of the trial users in a unix group (trial) and set the
> Class attribute to "trial" for users who match the Group=trial check item.
> We then log to detail%{Class}.
>
> We're seeing apparently random cases of non-trial userids having the
> Class attribute set to trial and therefore having their accounting info
> go to the wrong detail file.
>
> Our server is running Solaris 7 and Radiator 2.14.1, with the latest
> patches and the shadows module. I've attached debug output for one
> particular session; the userid in question is in group 1000, not group
> 2000 (the trial group). It looks like getpwnam is getting the correct
> group (1000) for the user.
>
I can't see anything wrong with your configuration, and the trace that sent
confirms that Radiator is doing the right thing. You can see that Radiator
correctly checks for "user1" and returns the correct reply attributes (not
including a Class attribute). What you see next though is the NAS sends an
accounting packet with the Class attribute set. This would be a NAS problem,
not a Radiator problem.
I am concerned however in the debug output there are multiple duplicate access
requests arriving from the NAS. This makes me think there might be some other
problem, as is indicated by the fact that the access requests all have the
identifier "252" and Radiator is ignoring them as duplicates, even after
Radiator receives the accounting request.
I think you will have to look at the NAS to see why it is not doing the right
thing. Please let us know what you find.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
