Hello Per -
Could you please send me a copy of your configuration file (no secrets), together with a trace 4 debug from Radiator showing the startup sequence and a test authentication. There is no method in the radius protocol to prompt a user to change the expired password. regards Hugh On Thu, 16 May 2002 16:32, Per L�tkemeyer wrote: > Hello Hugh, > > I've tried your recomendation using UseGetspnamf in the AuthBy clause and > installed shadowf from Shadow-0.01.tar.gz - but with no luck..... the user > is still loged on ! > > When this works, will the user then be prompted for password change when > this is expired ? > > > > Med venlig hilsen / Kind regards > > Per L�tkemeyer > Netv�rkskonsulent > ----------------------- > DMdata a/s > [EMAIL PROTECTED] > ----------------------- > > > > > > > > Hugh Irvine <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 16-05-02 03:24 > Please respond to hugh > > > To: "Per L�tkemeyer" <[EMAIL PROTECTED]> > cc: [EMAIL PROTECTED] > Subject: Re: Fwd: (RADIATOR) problem with : Auth By SYSTEM > > > Hello Per - > > You will need the UseGetspnamf parameter in your AuthBy clause: > > # requires ftp://ftp.eur.nl/pub/homebrew/Shadow-0.01.tar.gz > > <AuthBy SYSTEM> > Identifier System > UseGetspnamf > ..... > </AuthBy> > > Have a look at section 6.36.2 in the Radiator 3.0 reference manual. > ("doc/ref.html" in the distribution). > > There is also an example in "goodies/system.cfg". > > regards > > Hugh > > > > Senario : > > > Radiator v.3 running on SuSE enterprise v.7 > > > Using "AuthBy System" for user validation > > > Radiator is used to give admin rights when telnet to routers. > > > > > > > > > Problem : > > > User account is expired but Radiator still authenticates user and > > > permits login......! > > > Se config below. > > > If the same user logs in to the server thats running radiator using > > > telnet, the message "Access denied" is displayed. > > > > > > > > > > > > Med venlig hilsen / Kind regards > > > > > > Per L�tkemeyer > > > Netv�rkskonsulent > > > ----------------------- > > > DMdata a/s > > > [EMAIL PROTECTED] > > > ----------------------- > > > > > > > > > Config-file: > > > ******************************************************************* > > > > > > #------------------------------------------------ > > > # Global parameters > > > #------------------------------------------------ > > > # > > > Foreground > > > # LogStdout > > > # > > > AuthPort 1645 > > > AcctPort 1646 > > > LogDir /var/radiator > > > LogFile /var/radiator/logfile.txt > > > DictionaryFile /usr/local/src/Radiator-3.0/dictionary > > > Trace 4 > > > # > > > #------------------------------------------------ > > > # Clients > > > #------------------------------------------------ > > > <Client DEFAULT> > > > Secret hundelort > > > Identifier Test > > > IdenticalClients 127.0.0.1 > > > </Client> > > > > > > > > > > > > ################################################ > > > # Handlers > > > ################################################ > > > > > > <Realm DEFAULT> > > > <AuthBy FILE> > > > Filename /usr/local/etc/grupper.cfg > > > </AuthBy> > > > </Realm> > > > > > > <AuthBy SYSTEM> > > > Identifier System > > > </AuthBy> > > > ******************************************************************* > > > > > > > > > > > > grupper.cfg -file : > > > ****************************************** > > > > > > #------------------------------------------------------------ > > > DEFAULT Auth-Type = System, Group = users, Client-Identifier = Test > > > cisco-avpair = "service=shell", > > > Service-Type = Administrative-User, > > > cisco-avpair = "shell:priv-lvl=15" > > > > > > ******************************************************************* > > > > > > ------------------------------------------------------- -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
