Fwd: (RADIATOR) problem with : Auth By SYSTEM
Per Lütkemeyer
pel at dmdata.dk
Thu May 16 01:32:08 CDT 2002
Hello Hugh,
I've tried your recomendation using UseGetspnamf in the AuthBy clause and installed shadowf from Shadow-0.01.tar.gz
- but with no luck..... the user is still loged on !
When this works, will the user then be prompted for password change when
this is expired ?
Med venlig hilsen / Kind regards
Per Lütkemeyer
Netværkskonsulent
-----------------------
DMdata a/s
pel at dmdata.dk
-----------------------
Hugh Irvine <hugh at open.com.au>
Sent by: owner-radiator at open.com.au
16-05-02 03:24
Please respond to hugh
To: "Per Lütkemeyer" <pel at dmdata.dk>
cc: radiator at open.com.au
Subject: Re: Fwd: (RADIATOR) problem with : Auth By SYSTEM
Hello Per -
You will need the UseGetspnamf parameter in your AuthBy clause:
# requires ftp://ftp.eur.nl/pub/homebrew/Shadow-0.01.tar.gz
<AuthBy SYSTEM>
Identifier System
UseGetspnamf
.....
</AuthBy>
Have a look at section 6.36.2 in the Radiator 3.0 reference manual.
("doc/ref.html" in the distribution).
There is also an example in "goodies/system.cfg".
regards
Hugh
> >
> > Senario :
> > Radiator v.3 running on SuSE enterprise v.7
> > Using "AuthBy System" for user validation
> > Radiator is used to give admin rights when telnet to routers.
> >
> >
> > Problem :
> > User account is expired but Radiator still authenticates user and
> > permits login......!
> > Se config below.
> > If the same user logs in to the server thats running radiator using
> > telnet, the message "Access denied" is displayed.
> >
> >
> >
> > Med venlig hilsen / Kind regards
> >
> > Per Lütkemeyer
> > Netværkskonsulent
> > -----------------------
> > DMdata a/s
> > pel at dmdata.dk
> > -----------------------
> >
> >
> > Config-file:
> > *******************************************************************
> >
> > #------------------------------------------------
> > # Global parameters
> > #------------------------------------------------
> > #
> > Foreground
> > # LogStdout
> > #
> > AuthPort 1645
> > AcctPort 1646
> > LogDir /var/radiator
> > LogFile /var/radiator/logfile.txt
> > DictionaryFile /usr/local/src/Radiator-3.0/dictionary
> > Trace 4
> > #
> > #------------------------------------------------
> > # Clients
> > #------------------------------------------------
> > <Client DEFAULT>
> > Secret hundelort
> > Identifier Test
> > IdenticalClients 127.0.0.1
> > </Client>
> >
> >
> >
> > ################################################
> > # Handlers
> > ################################################
> >
> > <Realm DEFAULT>
> > <AuthBy FILE>
> > Filename /usr/local/etc/grupper.cfg
> > </AuthBy>
> > </Realm>
> >
> > <AuthBy SYSTEM>
> > Identifier System
> > </AuthBy>
> > *******************************************************************
> >
> >
> >
> > grupper.cfg -file :
> > ******************************************
> >
> > #------------------------------------------------------------
> > DEFAULT Auth-Type = System, Group = users, Client-Identifier = Test
> > cisco-avpair = "service=shell",
> > Service-Type = Administrative-User,
> > cisco-avpair = "shell:priv-lvl=15"
> >
> > *******************************************************************
> >
> > -------------------------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20020516/a04a1981/attachment.html>
More information about the radiator
mailing list