(RADIATOR) Group and NT Auth

Hugh Irvine hugh at open.com.au
Thu Jul 5 03:11:33 CDT 2001 

Hello Anton -

You need to use cascaded AuthBy clauses to pass a Group tag.

Here is an example configuration file:

# define AuthBy clauses

<AuthBy FILE>
	Identifier CheckUserAndGroup
	.....
</AuthBy>

<AuthBy NT>
	Identifier CheckNT
	.....
</AuthBy>

# define Realms or Handlers

<Realm ....>
	AuthBy CheckUserAndGroup
	....
</Realm>


And the contents of the file referenced by the AuthBy FILE clause:

# define DEFAULT users (or individual users) with Group check items

DEFAULT Auth-Type = CheckNT, Group = .....

.....



If you have any further questions, don't hesitate to ask.

regards

Hugh


At 21:29 -0500 01/7/4, Anton Krall wrote:
>Its version 2.18.1
>
>The pw error seems to be fixed upgrading to 2.18.1.. but I still dont
>quite grasp the authby and auth-type stuff.. :) anybody has some code
>I can look at?
>
>Saludos
>
>Anton Krall
>Director de Tecnologia
>Inter.net Mexico
>(www.mx.inter.net)
>Email: akrall at team.inter.net
>Directo: 5-241-7609
>Conmutador: 5-241-7600
>Mobile: 044-5105-5160
>
>Outside Mexico:
>Office: (525)241-7609
>PBX: (525)241-7600
>Mobile: (525)105-5160
>
>
>Wednesday, July 04, 2001, 9:11:27 PM, you wrote:
>
>MA> What version of Radiator are you using.
>MA> In the old version he had the program change the persons PW as a form of
>MA> authentication but under Win2k it wouldn't allow the user to change the pw
>MA> to the same thing they already had.
>
>MA> Also.. make sure that when you log in with the password its not 
>forcing the
>MA> user to change it. That might cause the failure you are getting.
>
>
>MA> Just a thought.
>
>MA> -Michael Audet
>MA> Network Services
>MA> Chubb & Son
>MA> maudet at chubb.com
>
>MA> ----- Original Message -----
>MA> From: "Anton Krall" <akrall at team.inter.net>
>MA> To: <radiator at open.com.au>
>MA> Sent: Wednesday, July 04, 2001 3:49 PM
>MA> Subject: Re: (RADIATOR) Group and NT Auth
>
>
>>>  This is what Im getting on ly logs:
>>>
>>>  *** Received from 10.0.0.1 port 1645 ....
>>>  Code:       Access-Request
>>>  Identifier: 125
>>>  Authentic:  ><159><236><181>J<187><216>1<22><151><132>m<162>3<240>i
>>>  Attributes:
>>>          User-Name = "akrall2"
>>>          NAS-IP-Address = 10.0.0.1
>>>          User-Password =
>MA> "<131><154><192>6<184>3><165><172><26><216><185><255><1
>>>  7><204><1>"
>>>          NAS-Port = 5
>>>
>>>  Wed Jul  4 14:47:41 2001: DEBUG: Handling request with Handler
>MA> 'Realm=DEFAULT'
>>>  Wed Jul  4 14:47:41 2001: DEBUG: SDB1 Deleting session for akrall2,
>MA> 10.0.0.1, 5
>>>  Wed Jul  4 14:47:41 2001: DEBUG: Handling with NT
>>>  Wed Jul  4 14:47:41 2001: INFO: Access rejected for akrall2: NT
>MA> CheckPassword f
>>>  iled: 5: Access is denied.
>>>
>>>  Wed Jul  4 14:47:41 2001: DEBUG: Packet dump:
>>>  *** Sending to 10.0.0.1 port 1645 ....
>>>  Code:       Access-Reject
>>>  Identifier: 125
>>>  Authentic:  ><159><236><181>J<187><216>1<22><151><132>m<162>3<240>i
>>>  Attributes:
>>>          Reply-Message = "Request Denied"
>>>          Reply-Message = "NT CheckPassword failed: 5: Access is
>MA> denied.<13><10>"
>>>
>>>
>>>
>>>  Saludos
>>>
>>>  Anton Krall
>>>  Director de Tecnologia
>>>  Inter.net Mexico
>>>  (www.mx.inter.net)
>>>  Email: akrall at team.inter.net
>>>  Directo: 5-241-7609
>>>  Conmutador: 5-241-7600
>>>  Mobile: 044-5105-5160
>>>
>>>  Outside Mexico:
>>>  Office: (525)241-7609
>>>  PBX: (525)241-7600
>>>  Mobile: (525)105-5160
>>>
>>>  ______________________
>>>
>>>  Wednesday, July 04, 2001, 12:56:31 PM, you wrote:
>>>
>>>  AK> Guys.-
>>>
>>>  AK> Im using Auth NT to run radiator under nt to auth with my firewall..
>>>
>>>  AK> Everything is working fine except that I cant the Group = XXX inside
>>>  AK> the Authby NT to work.
>>>
>>>  AK> How do you make sure a user belong to a certain group in NT and also,
>>>  AK> how can you nest Authyby? I think I can use the identifiers on Authby
>>>  AK> to cascade Authbys, am I right?
>>>
>>>  AK> And how do I make the Group clause in Authby work?
>>>
>>>
>>>
>>>  AK> Saludos
>>>
>>>  AK> Anton Krall
>>>  AK> Director de Tecnologia
>>>  AK> Inter.net Mexico
>  >> AK> (www.mx.inter.net)
>>>  AK> Email: akrall at team.inter.net
>>>  AK> Directo: 5-241-7609
>>>  AK> Conmutador: 5-241-7600
>>>  AK> Mobile: 044-5105-5160
>>>
>>>  AK> Outside Mexico:
>>>  AK> Office: (525)241-7609
>>>  AK> PBX: (525)241-7600
>>>  AK> Mobile: (525)105-5160
>>>
>>>  AK> ===
>>>  AK> Archive at http://www.open.com.au/archives/radiator/
>>>  AK> Announcements on radiator-announce at open.com.au
>>>  AK> To unsubscribe, email 'majordomo at open.com.au' with
>>>  AK> 'unsubscribe radiator' in the body of the message.
>>>
>>>  ===
>>>  Archive at http://www.open.com.au/archives/radiator/
>>>  Announcements on radiator-announce at open.com.au
>>>  To unsubscribe, email 'majordomo at open.com.au' with
>>>  'unsubscribe radiator' in the body of the message.
>>>
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list