(RADIATOR) Blocked users getting access

[Barry Andersson]

Hi,

We authenticate via unix /etc/passwd file and also use ./users to block some
users from dialup access by setting dummy passwords in that file.

For some reason Radiator is not reading the users file or if it is then
/etc/passwd is taking precendence and letting these blocked users have
access.

Below is my radius.cfg file.

All the best

Barry Andersson


LogDir /var/log/radius
DbDir  .

Trace 4
BindAddress 203.87.53.16
AuthPort        1645
AcctPort        1646

# Localhost
<Client 203.87.53.16>
 Secret xxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

#The Comindico client

#COMindico New South Wales
<Client 203.194.28.131>
 Secret xxxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

<Client 203.194.28.132>
 Secret xxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

#COMindico Victoria
<Client 203.194.56.120>
 Secret xxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

<Client 203.194.56.121>
 Secret xxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

#COMindico Queensland
<Client 203.194.59.120>
 Secret xxxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

<Client 203.194.59.121>
 Secret xxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

#OTHER

<Client 203.87.53.3>
 Secret xxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

<Client 203.87.53.4>
 Secret xxxxxx
 NasType ignore
        DefaultRealm auth
</Client>

<SessionDatabase SQL>
 Identifier SDB1
 DBSource dbi:mysql:radius
 DBUsername xxxxx
 DBAuth xxxxxxx
</SessionDatabase SQL>

<Realm auth>
    RewriteUsername s/^([^@]+).*/$1/
    MaxSessions 1

<AuthBy FILE>
 Filename        ./users
</AuthBy>

<AuthBy SYSTEM>
 UseGetspnamf
 Identifier System
</AuthBy>

AcctLogFileName /var/log/radius/detail
</Realm>

<Realm>
 <AuthBy INTERNAL>
  AcctResult ACCEPT
  </AuthBy>
</Realm>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.