Re: (RADIATOR) Client list question

2001-03-21 Thread Hugh Irvine


Hello Griff -

You are correct, if a Client clause does not catch a request, it should be 
rejected. An easy test is to dummy up some authentication requests with 
radpwtst and do some experiments. Use a trace 4 and check what is happening.

hth

Hugh

On Wednesday 21 March 2001 09:16, Griff Hamlin wrote:
> Hello all,
>
> I've noticed that several people have been authenticated on my server
> when the routers are not listed in the client list. How can this be? I
> was under the impression from the documentation that if the router is
> not listed, and no default is given, it should be immediately rejected.
> Please advise. My radius config file is below with many routers removed
> for brevity, and the secrets missing. The users that are calling in on
> these routers are in the database, and are being accepted as they should
> be. However, I thought that they should not be authenticated since their
> routers are not in the config file.
>
> Griff Hamlin, III



-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
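
An added example, not part of the original thread and not Radiator code: a small offline check of which request source addresses a configuration's Client clauses cover. It assumes Radiator's `<Client name>` ... `</Client>` clause syntax with `<Client DEFAULT>` as the catch-all, and that the clause is selected by the packet's source address; the sample configuration and addresses are constructed, and parse_clients and audit are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample; addresses are documentation ranges, not the poster's routers.
SAMPLE_CONFIG = """\
<Client localhost>
  DupInterval 0
  Secret xx
</Client>
# <Client 192.0.2.99>   commented-out clause, must not count as listed
<Client 192.0.2.10>
  Secret xx
</Client>
<Client 198.51.100.7>
  Secret xx
  NasType Livingston
</Client>
"""

# Anchored at the opening '<', so '#' comment lines and '</Client>' never match.
CLIENT_RE = re.compile(r"^\s*<Client\s+([^>\s]+)\s*>")


def parse_clients(config_text):
    """Return (set of IP addresses, set of hostnames, has_default)."""
    addrs, names, has_default = set(), set(), False
    for line in config_text.splitlines():
        m = CLIENT_RE.match(line)
        if not m:
            continue
        name = m.group(1)
        if name == "DEFAULT":
            has_default = True
            continue
        try:
            addrs.add(ipaddress.ip_address(name))
        except ValueError:
            names.add(name.lower())  # hostname: needs resolving before it can be compared
    return addrs, names, has_default


def audit(config_text, source_addresses):
    """Map each source address to 'listed', 'default' or 'unlisted'."""
    addrs, names, has_default = parse_clients(config_text)
    if "localhost" in names:  # only hostname resolved here, to stay offline
        addrs.add(ipaddress.ip_address("127.0.0.1"))
    fallback = "default" if has_default else "unlisted"
    return {src: "listed" if ipaddress.ip_address(src) in addrs else fallback
            for src in source_addresses}
```

Feed it the packet source addresses seen in the trace log rather than the router addresses you expect; a request relayed by a listed proxy arrives from the proxy's address.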



(RADIATOR) Client list question

2001-03-20 Thread Griff Hamlin

Hello all,

I've noticed that several people have been authenticated on my server
when the routers are not listed in the client list. How can this be? I
was under the impression from the documentation that if the router is
not listed, and no default is given, it should be immediately rejected.
Please advise. My radius config file is below with many routers removed
for brevity, and the secrets missing. The users that are calling in on
these routers are in the database, and are being accepted as they should
be. However, I thought that they should not be authenticated since their
routers are not in the config file.

Griff Hamlin, III


_
#  Radiator configuration file

 Trace 3

# Directory where logfile and details file are
LogDir /var/adm/radacct

# Database directory. Should contain:
# users   The user database
# dictionary  The dictionary for your NAS
DbDir /etc/raddb

AuthPort 1645
AcctPort 1646

# Global parameters
LivingstonOffs 22
LivingstonHole 1

# Handle all users from all other realms by looking them up
# in the users file at /etc/raddb/users.
<Handler>
  RewriteUsername s/^([^@]+).*/$1/
  <AuthBy GROUP>
    AuthByPolicy ContinueUntilAccept
    <AuthBy QuikRadAcct>
      # authorize by the module AuthQuikRadAcct.pm
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.1
      DefaultReply  Service-Type = Framed-User,\
        Framed-Protocol = PPP,\
        Framed-IP-Address = 10.10.10.10,\
        Session-Timeout = 25,\
        Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.2
      DefaultReply  Service-Type = Framed-User,\
        Framed-Protocol = PPP,\
        Framed-IP-Address = 10.10.10.10,\
        Session-Timeout = 25,\
        Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.3
      DefaultReply  Service-Type = Framed-User,\
        Framed-Protocol = PPP,\
        Framed-IP-Address = 10.10.10.10,\
        Session-Timeout = 25,\
        Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
      Filename  %D/blkspam.4
      DefaultReply  Service-Type = Framed-User,\
        Framed-Protocol = PPP,\
        Framed-IP-Address = 10.10.10.10,\
        Session-Timeout = 25,\
        Idle-Timeout = 20
    </AuthBy>
    <AuthBy FILE>
      # This is primarily for test accounts not entered in Cheetah.
      Filename %D/users.head
    </AuthBy>
    <AuthBy QuikRad>
      # authorize by the module AuthQuikRad.pm
    </AuthBy>
  </AuthBy>
  # Log accounting to the detail file in LogDir/client
  AcctLogFileName  %L/%c/detail
  # MaxSessions 1
</Handler>

# Allows us to honour requests from radpwtst on the same host.
<Client localhost>
  DupInterval 0
  Secret xx
</Client>

#63.169.132.243 O1 Communications proxy
<Client 63.169.132.243>
  Secret xx
</Client>

#63.169.132.244 O1 Communications proxy
<Client 63.169.132.244>
  Secret xx
</Client>

#63.169.132.245 O1 Communications proxy
<Client 63.169.132.245>
  Secret xx
</Client>

#63.169.132.248 O1 Communications proxy
<Client 63.169.132.248>
  Secret xx
</Client>

#63.169.132.249 O1 Communications proxy
<Client 63.169.132.249>
  Secret xx
</Client>

#64.114.5.254   Chilliwack 1
<Client 64.114.5.254>
  Secret xx
  NasType Livingston
  SNMPCommunity quik77
</Client>

#140.186.142.2  Boston 2
<Client 140.186.142.2>
  Secret xx
  NasType Livingston
  SNMPCommunity quik77
</Client>

#140.186.142.100 Boston Ascend
<Client 140.186.142.100>
  Secret xxx
  NasType Livingston
  SNMPCommunity quik77
</Client>


