Hello Gildas,
On Feb 28, 5:52pm, Gildas PERROT wrote:
> Subject: Re: (RADIATOR) 2 questions about Radiator : fall-over solution an
> Hi,
>
> Since I have no answer with Hugh, I am posting my question to the list. Thanks
> in advance for your help.
Hugh is travelling at present. It is always best to post to the list.
>
> I am not sure I was clear enough so here is my config as suggested by Hugh :
>
> # Authentication with users file
> <AuthBy SYSTEM>
> Identifier CheckSystem
> # UseGetspnam (not necessary on FreeBSD)
> </AuthBy>
>
> <AuthBy FILE>
> Identifier CheckUser
> Filename %D/users
> AddToReplyIfNotExist Service-Type=Framed-User,\
> Framed-Protocol=PPP,\
> Framed-Netmask = 255.255.255.0,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Ascend-Idle-Limit = 600
> </AuthBy>
>
> # Local users
> <Realm>
> AuthByPolicy ContinueWhileAccept
> AuthBy CheckUser
> AuthBy CheckSystem
> </Realm>
>
> This config doesn't work for what I want :
>
> - I want users to be authenticated only by their login in users file (without
> any check or reply items) with default reply items returned when
> authenticated, and their password in shadow passwd file.
> - in the same time, I want some users whose check and reply items are defined
> in users file to be authenticated. Their password are in users file, not in
> shadow passwd file.
OK, I think you want to do this:
<Realm>
AuthByPolicy ContinueUntilAccept
AuthBy CheckSystem
AuthBy CheckUser
</Realm>
That way, users with a unix password will be authenticated immediately by
CheckSystem, and other users will fall through to CheckUser.
Cheers.
>
> For the moment, for a user for who I have the users entry :
>
> p50bva Password = "password"
> ...
>
> I have :
>
> Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthFILE
> Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE looks for match with p50bva
> Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthSYSTEM
> Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthSYSTEM looks for match with p50bva
> Tue Feb 22 18:20:11 2000: INFO: Access rejected for p50bva: No such user
>
> Any idea about the problem ?
> Thanks in advance for your help. Gildas
>
> > Hi Hugues,
> >
> > I really am not letting you off the hook. It's almost right but...
> >
> > > Hi Gildas -
> > >
> > > On Fri, 18 Feb 2000, you wrote:
> > > >
> > > > What I want is to have Auth = System for nearly every users without having to
> > > > put Auth = System in the users file but just the login.
> > > >
> > > > > Either way is possible - let me know which you want to do.
> > > > >
> > >
> > > OK - once again - we are almost there .....
> > >
> > > # configuration for FranceNet.fr
> > >
> > > # define an AuthBy SYSTEM to check passwords
> > >
> > > <AuthBy SYSTEM>
> > > Identifier CheckSystem
> > > UseGetspnam
> > > </AuthBy>
> > >
> > > # define an AuthBy FILE with defaults
> > >
> > > <AuthBy FILE>
> > > Identifier CheckUser
> > > Filename %D/users
> > > AddToReplyIfNotExist Service-Type = Framed-User, \
> > > Framed-Protocol = PPP, \
> > > Framed-IP-Address = 193.149.106.4, \
> > > Framed-IP-Netmask = 255.255.255.255, \
> > > Framed-Routing = None, \
> > > Framed-MTU = 1500, \
> > > Ascend-Idle-Limit = 600
> > > </AuthBy>
> > >
> > > # now define your normal Realms or Handlers
> > >
> > > <Realm ....>
> > > AuthByPolicy ContinueWhileAccept
> > > AuthBy CheckUser
> > > AuthBy CheckSystem
> > > </Realm>
> > >
> > > ....
> > >
> > >
> > > # file %D/users
> > >
> > > p50fr
> > >
> > > ....
> > >
> > >
> > > So - now the AuthBy FILE checks the users file first to pick up the
> > > reply attributes, then the AuthBy SYSTEM checks the password. The AuthByPolicy
> > > will ensure that both checks must be Accept for a user to log in.
> > >
> > > Is that OK like this? I hope so, otherwise ....
> >
> > The users defined with their login in %D/users and in shadow passwd file are
> > authenticated BUT NOT users defined only in %D/users with :
> >
> > login Password = "password"
> > ...
> >
> > I got :
> >
> > Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthFILE
> > Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE looks for match with p50bva
> > Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthFILE ACCEPT:
> > Tue Feb 22 18:20:11 2000: DEBUG: Handling with Radius::AuthSYSTEM
> > Tue Feb 22 18:20:11 2000: DEBUG: Radius::AuthSYSTEM looks for match with p50bva
> > Tue Feb 22 18:20:11 2000: INFO: Access rejected for p50bva: No such user
> >
> > Sorry ;-)
> >
> > Any idea about that ? Thanks in advance. Gildas.
> > --
> > Gildas PERROT, [EMAIL PROTECTED] __o
> > FranceNet, 28 rue Desaix, 75015 Paris ---_ \<,_
> > http://www.francenet.fr ---- (_)/ (_)
> >
> >
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Gildas PERROT
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, MacOS X
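
The two AuthByPolicy orderings discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a small Python model of the AuthBy chain, run over constructed users and passwords. It assumes, as the quoted configuration describes, that a users-file entry with no check items is accepted on the login alone, and it includes the case worth testing before deploying the ContinueUntilAccept ordering: a shadow user who sends a wrong password while a bare login for them is still in the users file.

```python
# Toy model of an AuthBy chain; NOT Radiator code. All data is constructed.
ACCEPT, REJECT = "ACCEPT", "REJECT"

SHADOW = {"p50fr": "unixpw"}      # stands in for the shadow passwd file
USERS_FILE = {                    # stands in for %D/users
    "p50fr": None,                # bare login: no check items (assumed to accept)
    "p50bva": "password",         # entry with a Password check item
}

def check_system(user, password):
    """Stand-in for CheckSystem: unknown user or bad password rejects."""
    return ACCEPT if user in SHADOW and SHADOW[user] == password else REJECT

def make_check_user(users):
    """Stand-in for CheckUser over a given users file."""
    def check_user(user, password):
        if user not in users:
            return REJECT
        expected = users[user]
        return ACCEPT if expected is None or expected == password else REJECT
    return check_user

def run_chain(policy, chain, user, password):
    """Run the AuthBy stand-ins in order under the given AuthByPolicy."""
    result = REJECT
    for auth_by in chain:
        result = auth_by(user, password)
        if policy == "ContinueWhileAccept" and result != ACCEPT:
            break                 # first non-accept ends the chain
        if policy == "ContinueUntilAccept" and result == ACCEPT:
            break                 # first accept ends the chain
    return result

def compare():
    """Return {(config, user, password): result} for three test logins."""
    no_bare = {u: p for u, p in USERS_FILE.items() if p is not None}
    configs = {
        "quoted": ("ContinueWhileAccept", [make_check_user(USERS_FILE), check_system]),
        "reply": ("ContinueUntilAccept", [check_system, make_check_user(USERS_FILE)]),
        "reply_no_bare": ("ContinueUntilAccept", [check_system, make_check_user(no_bare)]),
    }
    logins = [("p50fr", "unixpw"), ("p50bva", "password"), ("p50fr", "wrong")]
    return {(name, u, p): run_chain(policy, chain, u, p)
            for name, (policy, chain) in configs.items() for u, p in logins}

if __name__ == "__main__":
    for key, result in compare().items():
        print(key, result)
```

In this model the "quoted" configuration reproduces the rejection of p50bva shown in the debug log, while the "reply" ordering accepts p50fr with a wrong password until the bare logins are taken out of the users file. The same three logins are worth sending to the real server with a test client to confirm how it behaves.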