(RADIATOR) about Auth bySYSTEM

Jesús M Díaz jesus.diaz at telia-iberia.com
Wed Oct 10 04:19:43 CDT 2001


Hi all,

I want to authenticate some of my remote users against the Unix system
method. I put this in my config file:

<Realm XXX>
  AuthByPolicy           ContinueWhileAccept
  SessionDatabase        RADONLINE
  AcctLogFileName        %L/logfile
  RewriteUsername        s/^([^@]+).*/$1/
  <AuthBy SYSTEM>
  </AuthBy>
  <AuthBy FILE>
    DynamicCheck         NAS-Identifier
    DynamicCheck         Group
    Filename             %D/privilegios
  </AuthBy>
</Realm>


The file 'privilegios' contains:

DEFAULT      NAS-Identifier = %N
             Service-Type = Administrative-User

DEFAULT      NAS-Identifier = "", Group = 1000
             Service-Type = Login-User,
             cisco-avpair = "shell:priv-lvl=5"


But when Radiator receives an access-request for one of those users, it
denies the access and logs:

"20011008160221. WARNING: This AuthBy does not know how to check
Group membership"

I looked at the AuthSYSTEM.pm module, and I can see that the routine
knows all data about the user ($name, $passwd, $uid, $gid, $quota,
$comment, $gcos, $dir, $shell), but it only grabs the
expiration date as an attribute, if it exists. Why?

I have tried to add the gid as an attribute, with the line
"$user->get_check->add_attr('Group', $gid);", but now, when Radiator
gets a request for the user, it denies it and logs:

20011008163130. DEBUG: Rewrote user name to user at realm
20011008163130. DEBUG: Handling request with Handler 'Realm=realm'
20011008163130. DEBUG: Rewrote user name to user
20011008163130. DEBUG: RADonline Deleting session for user at realm,
a.b.c.d, 2
20011008163130. DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='a.b.c.d' and NASPORT=02
20011008163130. DEBUG: Handling with Radius::AuthSYSTEM
20011008163130. DEBUG: getpwnam got user, crypt_pass, uid, gid, , , ,
homedir, shell, 
20011008163130. DEBUG: Radius::AuthSYSTEM looks for match with user
20011008163130. DEBUG: Radius::AuthSYSTEM REJECT: User user is not in
Group 1000
20011008163130. INFO: Access rejected for jesusm: User user is not in
Group 1000

Where is the problem? Do you understand my question?

Thanks in advance



Jesus M Diaz <jesus.diaz at telia-iberia.com>

ONO Service Provider
Planificación y Diseño de Red
Tfno: +34 91 623 2909
Fax:  +34 91 623 2911

