Re: (RADIATOR) Groups

Wed, 19 Apr 2000 17:50:33 -0700

Hello,

Still not having any luck with checking groups, i do believe that we do not want to use the local unix group file. At the current moment, i am authenticating from the mysql database but we will change to authenticating from a UNIX password file but getting the user attributes off the mysql database when we get the thing up and running. The user in the database has an checkattr of Group = unlimited

I've setup the default user file with the following:

DEFAULT Auth-Type = CheckSQL, Group = unlimited
                  Service-Type = Framed-User

The relevant part of the radius.cfg file is below :-

<Realm DEFAULT>
<AuthBy FILE>
        Filename /usr/local/etc/default-users
</AuthBy>
</Realm>
<AuthBy SQL>
        Identifier CheckSQL
        DBSource        dbi:mysql:radius
        DBUsername      xxxx
        DBAuth              xxxx
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
        from SUBSCRIBERS where USERNAME='%n'
        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, reply
</AuthBy>


The following errors are log with trace 4 :-

Thu Apr 20 09:42:20 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Apr 20 09:42:20 2000: DEBUG:  Deleting session for colin, 202.9.224.22, 50
Thu Apr 20 09:42:20 2000: DEBUG: do query is: delete from RADONLINE where NASIDE
NTIFIER='202.9.224.22' and NASPORT=050

Thu Apr 20 09:42:20 2000: DEBUG: Handling with Radius::AuthFILE
Thu Apr 20 09:42:20 2000: DEBUG: Handling with Radius::AuthFILE
Thu Apr 20 09:42:20 2000: DEBUG: Radius::AuthFILE looks for match with colin
Thu Apr 20 09:42:20 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Thu Apr 20 09:42:20 2000: DEBUG: Handling with Radius::AuthSQL
Thu Apr 20 09:42:20 2000: DEBUG: Handling with Radius::AuthSQL
Thu Apr 20 09:42:20 2000: DEBUG: Query is: select PASSWORD, CHECKATTR, REPLYATTR
 from SUBSCRIBERS where USERNAME='colin'

Thu Apr 20 09:42:20 2000: DEBUG: Radius::AuthSQL looks for match with colin
Thu Apr 20 09:42:20 2000: WARNING: This AuthBy does not know how to check Group
membership
Thu Apr 20 09:42:20 2000: DEBUG: Radius::AuthSQL REJECT: User colin is not in Gr
oup unlimited
Thu Apr 20 09:42:20 2000: DEBUG: Query is: select PASSWORD, CHECKATTR, REPLYATTR
 from SUBSCRIBERS where USERNAME='DEFAULT'

Thu Apr 20 09:42:20 2000: DEBUG: Radius::AuthFILE REJECT: User colin is not in G
roup unlimited
Thu Apr 20 09:42:20 2000: INFO: Access rejected for colin: User colin is not in
Group unlimited
Thu Apr 20 09:42:20 2000: DEBUG: Packet dump:
*** Sending to 202.9.224.22 port 1645 ....
Code:       Access-Reject
Identifier: 71
Authentic:  <134><203><18>c%<213>J<144><142>M<207><247>6<215>!<207>
Attributes:
        Reply-Message = "Request Denied"

Hope someone out there can shed some light on the situation, Thanks.

Reply via email to