On 05/23/2012 11:45 PM, Derek Rider wrote:
> Our current 3.15 radius.cfg, for the default
> realm, authenticates users with the Authby File:
>
> <Realm DEFAULT>
>
> AuthByPolicy ContinueAlways

Hello Derek,

with ContinueAlways policy, the outcome from the Realm depends on the last AuthBy. So I would think UserOne gets a reject since there are only UserTwo and UserThree in the uniquedevice1 file. That happens regardless of accept from the first AuthBy.

For users UserTwo and UserThree the first AuthBy does not matter since the users are not listed there.

Maybe you could reply with logs and tell if there's something more in the configuration. It's a bit hard to say why it behaves differently now than with 3.15. I tried this briefly with 3.15 and got the same results with both versions.

Thanks!
Heikki

> <AuthBy FILE>
> Filename %D/tacacsusers
> </AuthBy>
>
> <AuthBy FILE>
> Filename %D/uniquedevice1
> </AuthBy> ......
>
> The file tacacsusers has entries like the following:
>
> UserOne
> Tacacs-Group = ADMIN......
>
> The uniquedevice1 file has entries like the following:
>
> UserTwo NAS-IP-Address = 111.111.111.111
> Tacacs-Group = READNOCONFIG
> UserThree NAS-IP-Address = 111.111.111.111
> Tacacs-Group = READNOCONFIG
>
> In the 3.15 environment, the users in the above example get authenticated
> properly. In the 4.9 environment, UserOne gets authenticated properly, but
> UserTwo or UserThree do not. We changed the Tacacs-Group to be ADMIN for
> UserOne, restarted the service and we still do not authenticate properly.
> When we try to limit access by IP address, it does not seem to work. What
> could I be missing? Any help would be greatly appreciated.

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
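
Added example, not part of the original thread and not Radiator source code: a simplified Python model of the AuthBy chaining described in the reply above, run against constructed stand-ins for the two users files. It assumes an AuthBy FILE rejects an unknown user or a failed check item, that neither file has a DEFAULT entry, and it omits passwords; `ContinueUntilAccept` is modelled only for comparison, and the helper names and the `192.0.2.10` address are made up for the illustration.

```python
# Simplified model of Radiator AuthBy chaining; not Radiator source code.
ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed stand-ins for the two users files in the thread:
# user name -> check items that must match the request (passwords omitted,
# and no DEFAULT entry is assumed in either file).
TACACSUSERS = {"UserOne": {}}
UNIQUEDEVICE1 = {
    "UserTwo": {"NAS-IP-Address": "111.111.111.111"},
    "UserThree": {"NAS-IP-Address": "111.111.111.111"},
}
CLAUSES = [("tacacsusers", TACACSUSERS), ("uniquedevice1", UNIQUEDEVICE1)]
POLICIES = ("ContinueAlways", "ContinueUntilAccept")


def auth_by_file(users, request):
    """One AuthBy FILE: unknown user or a failed check item gives REJECT."""
    checks = users.get(request["User-Name"])
    if checks is None:
        return REJECT
    if any(request.get(attr) != want for attr, want in checks.items()):
        return REJECT
    return ACCEPT


def run_realm(policy, request, clauses=CLAUSES):
    """Return (final result, per-clause trace) for the given AuthByPolicy."""
    if policy not in POLICIES:
        raise ValueError(f"policy not modelled: {policy}")
    result, trace = REJECT, []
    for name, users in clauses:
        result = auth_by_file(users, request)
        trace.append((name, result))
        if policy == "ContinueUntilAccept" and result == ACCEPT:
            break  # first accept ends the chain
        # ContinueAlways never stops early: the last clause decides.
    return result, trace


def make_request(user, nas_ip):
    """Build a minimal request with only the attributes the model checks."""
    return {"User-Name": user, "NAS-IP-Address": nas_ip}


if __name__ == "__main__":
    for policy in POLICIES:
        for user in ("UserOne", "UserTwo"):
            for ip in ("111.111.111.111", "192.0.2.10"):
                print(policy, user, ip, run_realm(policy, make_request(user, ip)))
```

The per-clause trace makes the ordering effect visible: under ContinueAlways an accept from tacacsusers is overwritten by the result of uniquedevice1, so the last file in the chain is the one that decides access.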
