Fwd: (RADIATOR) problem with : Auth By SYSTEM
Hugh Irvine
hugh at open.com.au
Thu May 16 06:23:26 CDT 2002
Hello Per -
Could you please send me a copy of your configuration file (no secrets),
together with a trace 4 debug from Radiator showing the startup sequence and
a test authentication.
There is no method in the radius protocol to prompt a user to change the
expired password.
regards
Hugh
On Thu, 16 May 2002 16:32, Per Lütkemeyer wrote:
> Hello Hugh,
>
> I've tried your recommendation using UseGetspnamf in the AuthBy clause and
> installed shadowf from Shadow-0.01.tar.gz - but with no luck..... the user
> is still logged on!
>
> When this works, will the user then be prompted for password change when
> this is expired?
>
>
>
> Med venlig hilsen / Kind regards
>
> Per Lütkemeyer
> Netværkskonsulent
> -----------------------
> DMdata a/s
> pel at dmdata.dk
> -----------------------
>
>
>
>
>
>
>
> Hugh Irvine <hugh at open.com.au>
> Sent by: owner-radiator at open.com.au
> 16-05-02 03:24
> Please respond to hugh
>
>
> To: "Per Lütkemeyer" <pel at dmdata.dk>
> cc: radiator at open.com.au
> Subject: Re: Fwd: (RADIATOR) problem with : Auth By SYSTEM
>
>
> Hello Per -
>
> You will need the UseGetspnamf parameter in your AuthBy clause:
>
> # requires ftp://ftp.eur.nl/pub/homebrew/Shadow-0.01.tar.gz
>
> <AuthBy SYSTEM>
> Identifier System
> UseGetspnamf
> .....
> </AuthBy>
>
> Have a look at section 6.36.2 in the Radiator 3.0 reference manual.
> ("doc/ref.html" in the distribution).
>
> There is also an example in "goodies/system.cfg".
>
> regards
>
> Hugh
>
> > > Scenario :
> > > Radiator v.3 running on SuSE enterprise v.7
> > > Using "AuthBy System" for user validation
> > > Radiator is used to give admin rights when telnet to routers.
> > >
> > >
> > > Problem :
> > > User account is expired but Radiator still authenticates user and
> > > permits login......!
> > > See config below.
> > > If the same user logs in to the server that's running radiator using
> > > telnet, the message "Access denied" is displayed.
> > >
> > >
> > >
> > > Med venlig hilsen / Kind regards
> > >
> > > Per Lütkemeyer
> > > Netværkskonsulent
> > > -----------------------
> > > DMdata a/s
> > > pel at dmdata.dk
> > > -----------------------
> > >
> > >
> > > Config-file:
> > > *******************************************************************
> > >
> > > #------------------------------------------------
> > > # Global parameters
> > > #------------------------------------------------
> > > #
> > > Foreground
> > > # LogStdout
> > > #
> > > AuthPort 1645
> > > AcctPort 1646
> > > LogDir /var/radiator
> > > LogFile /var/radiator/logfile.txt
> > > DictionaryFile /usr/local/src/Radiator-3.0/dictionary
> > > Trace 4
> > > #
> > > #------------------------------------------------
> > > # Clients
> > > #------------------------------------------------
> > > <Client DEFAULT>
> > > Secret hundelort
> > > Identifier Test
> > > IdenticalClients 127.0.0.1
> > > </Client>
> > >
> > >
> > >
> > > ################################################
> > > # Handlers
> > > ################################################
> > >
> > > <Realm DEFAULT>
> > > <AuthBy FILE>
> > > Filename /usr/local/etc/grupper.cfg
> > > </AuthBy>
> > > </Realm>
> > >
> > > <AuthBy SYSTEM>
> > > Identifier System
> > > </AuthBy>
> > > *******************************************************************
> > >
> > >
> > >
> > > grupper.cfg -file :
> > > ******************************************
> > >
> > > #------------------------------------------------------------
> > > DEFAULT Auth-Type = System, Group = users, Client-Identifier = Test
> > > cisco-avpair = "service=shell",
> > > Service-Type = Administrative-User,
> > > cisco-avpair = "shell:priv-lvl=15"
> > >
> > > *******************************************************************
> > >
> > > -------------------------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
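
Added example, not part of the original message and not Radiator code: the problem in this thread is that a password-hash comparison alone ignores the ageing fields in the shadow database, so this sketch classifies shadow(5) entries by those fields to show which accounts a hash-only check would still accept. The function names and the sample entries are constructed for illustration, and the rules are a simplified reading of shadow(5).

```python
from datetime import date

EPOCH = date(1970, 1, 1)

def _num(field):
    """Empty shadow fields mean 'not set'."""
    return int(field) if field.strip() else None

def shadow_status(line, today):
    """Return 'ok', 'account_expired', 'password_expired' or 'change_required'."""
    f = line.rstrip("\n").split(":")
    if len(f) < 8:
        raise ValueError("not a shadow(5) entry: %r" % line)
    lstchg, _min, maxage, _warn, inact, expire = (_num(x) for x in f[2:8])
    now = (today - EPOCH).days
    # Field 8: absolute account expiry, in days since 1970-01-01.
    if expire is not None and now >= expire:
        return "account_expired"
    if lstchg == 0:                      # 0 forces a change at next login
        return "change_required"
    if lstchg is None or maxage is None or now < lstchg:
        return "ok"                      # ageing not set, or clock skew
    age = now - lstchg
    if age > maxage:
        # Past max + inact days the old password is no longer accepted.
        if inact is not None and age > maxage + inact:
            return "password_expired"
        return "change_required"
    return "ok"

def audit(lines, today):
    """Map username -> status for every entry that is not 'ok'."""
    findings = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        status = shadow_status(line, today)
        if status != "ok":
            findings[line.split(":", 1)[0]] = status
    return findings

# Constructed sample entries (not real accounts or hashes).
SAMPLE = [
    "alice:$1$sample$notarealhash:11800:0:90:7:14::",
    "bob:$1$sample$notarealhash:11800:0:90:7:14:11810:",
    "carol:$1$sample$notarealhash:11700:0:90:7:14::",
    "dave:$1$sample$notarealhash:11730:0:90:7:14::",
]

if __name__ == "__main__":
    print(audit(SAMPLE, date(2002, 5, 16)))
```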