(RADIATOR) Blocked users getting access
Hugh Irvine
hugh at open.com.au
Mon Jan 28 21:39:08 CST 2002
Hello Barry -
You should use an AuthByPolicy ContinueWhileAccept and add an AcceptIfMissing
to the AuthBy FILE.
# define Realm
<Realm auth>
    RewriteUsername s/^([^@]+).*/$1/
    MaxSessions 1
    AuthByPolicy ContinueWhileAccept
    <AuthBy FILE>
        Filename ./users
        AcceptIfMissing
    </AuthBy>
    <AuthBy SYSTEM>
        UseGetspnamf
        Identifier System
    </AuthBy>
    AcctLogFileName /var/log/radius/detail
</Realm>
On Tue, 29 Jan 2002 14:14, Barry Andersson wrote:
> Hi,
>
> We authenticate via unix /etc/passwd file and also use ./users to block
> some users from dialup access by setting dummy passwords in that file.
>
> For some reason Radiator is not reading the users file or if it is then
> /etc/passwd is taking precedence and letting these blocked users have
> access.
>
> Below is my radius.cfg file.
>
> All the best
>
> Barry Andersson
>
>
> LogDir /var/log/radius
> DbDir .
>
> Trace 4
> BindAddress 203.87.53.16
> AuthPort 1645
> AcctPort 1646
>
> # Localhost
> <Client 203.87.53.16>
>     Secret xxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> #The Comindico client
>
> #COMindico New South Wales
> <Client 203.194.28.131>
>     Secret xxxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> <Client 203.194.28.132>
>     Secret xxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> #COMindico Victoria
> <Client 203.194.56.120>
>     Secret xxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> <Client 203.194.56.121>
>     Secret xxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> #COMindico Queensland
> <Client 203.194.59.120>
>     Secret xxxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> <Client 203.194.59.121>
>     Secret xxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> #OTHER
>
> <Client 203.87.53.3>
>     Secret xxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> <Client 203.87.53.4>
>     Secret xxxxxx
>     NasType ignore
>     DefaultRealm auth
> </Client>
>
> <SessionDatabase SQL>
>     Identifier SDB1
>     DBSource dbi:mysql:radius
>     DBUsername xxxxx
>     DBAuth xxxxxxx
> </SessionDatabase SQL>
>
> <Realm auth>
>     RewriteUsername s/^([^@]+).*/$1/
>     MaxSessions 1
>
>     <AuthBy FILE>
>         Filename ./users
>     </AuthBy>
>
>     <AuthBy SYSTEM>
>         UseGetspnamf
>         Identifier System
>     </AuthBy>
>
>     AcctLogFileName /var/log/radius/detail
> </Realm>
>
> <Realm>
>     <AuthBy INTERNAL>
>         AcctResult ACCEPT
>     </AuthBy>
> </Realm>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
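The chain logic behind the suggested fix, as an added example that is not part of the original message and is not Radiator code: a simplified Python model of the FILE then SYSTEM chain under AuthByPolicy ContinueWhileAccept with AcceptIfMissing. The user names, passwords and function names are constructed, the result codes are reduced to ACCEPT and REJECT, and the ContinueUntilAccept case is included only as a contrast, not as a statement of what the original server was doing.

```python
import hmac

ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed sample data: ./users carries dummy passwords for blocked accounts,
# the system password database carries the real ones.
USERS_FILE = {"blocked1": "dummy-never-matches"}
SYSTEM_DB = {"blocked1": "realpw1", "alice": "realpw2"}


def _match(stored, given):
    """Constant-time comparison; a missing entry never matches."""
    return stored is not None and hmac.compare_digest(stored.encode(), given.encode())


def auth_file(user, password, accept_if_missing):
    """Model of AuthBy FILE: AcceptIfMissing turns 'user not in file' into ACCEPT."""
    if user not in USERS_FILE:
        return ACCEPT if accept_if_missing else REJECT
    return ACCEPT if _match(USERS_FILE[user], password) else REJECT


def auth_system(user, password):
    """Model of AuthBy SYSTEM: check against the system password database."""
    return ACCEPT if _match(SYSTEM_DB.get(user), password) else REJECT


def run_realm(user, password, policy, accept_if_missing):
    """Run FILE then SYSTEM; the policy decides whether the chain goes on."""
    handlers = (
        lambda: auth_file(user, password, accept_if_missing),
        lambda: auth_system(user, password),
    )
    result = REJECT
    for handler in handlers:
        result = handler()
        if policy == "ContinueWhileAccept" and result != ACCEPT:
            break  # first REJECT is final: a blocked user never reaches SYSTEM
        if policy == "ContinueUntilAccept" and result == ACCEPT:
            break  # any ACCEPT is final: a later AuthBy can override a REJECT
    return result


if __name__ == "__main__":
    for user, pw in (("blocked1", "realpw1"), ("alice", "realpw2")):
        for policy, aim in (("ContinueWhileAccept", True),
                            ("ContinueWhileAccept", False),
                            ("ContinueUntilAccept", False)):
            print(user, policy, "AcceptIfMissing" if aim else "-",
                  run_realm(user, pw, policy, aim))
```

In this model, leaving out AcceptIfMissing under ContinueWhileAccept rejects every user who is not listed in ./users, which is why the two settings go together.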