[RADIATOR] Configuration Question 3.15 vs. 4.9
Heikki Vatiainen
hvn at open.com.au
Thu May 24 09:25:42 CDT 2012
On 05/23/2012 11:45 PM, Derek Rider wrote:
> Our current 3.15 radius.cfg, for the default
> realm, authenticates users with the Authby File:
>
> <Realm DEFAULT>
>
> AuthByPolicy ContinueAlways
Hello Derek,
with ContinueAlways policy, the outcome from the Realm depends on the
last AuthBy. So I would think UserOne gets a reject since there are only
UserTwo and UserThree in the uniquedevice1 file. That happens regardless
of accept from the first AuthBy.
For users UserTwo and UserThree the first AuthBy does not matter since
the users are not listed there.
Maybe you could reply with logs and tell if there's something more in
the configuration. It's a bit hard to say why it behaves differently now
than with 3.15. I tried this briefly with 3.15 and got the same results
with both versions.
Thanks!
Heikki
> <AuthBy FILE>
> Filename %D/tacacsusers
> </AuthBy>
>
> <AuthBy FILE>
> Filename %D/uniquedevice1
> </AuthBy> ......
>
> The file tacacsusers has entries like the following:
>
> UserOne
> Tacacs-Group = ADMIN......
>
> The uniquedevice1 file has entries like the following:
>
> UserTwo NAS-IP-Address = 111.111.111.111
> Tacacs-Group = READNOCONFIG
> UserThree NAS-IP-Address = 111.111.111.111
> Tacacs-Group = READNOCONFIG
>
> In the 3.15 environment, the users in the above example get authenticated
> properly. In the 4.9 environment, UserOne gets authenticated properly, but
> UserTwo or UserThree do not. We changed the Tacacs-Group to be ADMIN for
> UserOne, restarted the service and we still do not authenticate properly.
> When we try to limit access by IP address, it does not seem to work. What
> could I be missing? Any help would be greatly appreciated.
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
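
Added example (not part of the original message and not Radiator code): a simplified Python model of the two-AuthBy realm quoted above, showing that under ContinueAlways the realm result is that of the last AuthBy. It assumes AuthBy FILE rejects an unknown user or a mismatched check item and ignores passwords; ContinueUntilAccept is included only for contrast, and the request values are constructed.

```python
# Simplified model of a Realm with two AuthBy FILE clauses (not Radiator code).
# User data is constructed from the file entries quoted in the message above.
ACCEPT, REJECT = "ACCEPT", "REJECT"

# user name -> check items that must match the request
TACACSUSERS = {"UserOne": {}}
UNIQUEDEVICE1 = {
    "UserTwo": {"NAS-IP-Address": "111.111.111.111"},
    "UserThree": {"NAS-IP-Address": "111.111.111.111"},
}
POLICIES = ("ContinueAlways", "ContinueUntilAccept")


def auth_by_file(users, request):
    """Assumed behaviour: unknown user or failed check item gives REJECT."""
    check = users.get(request["User-Name"])
    if check is None:
        return REJECT
    if any(request.get(attr) != value for attr, value in check.items()):
        return REJECT
    return ACCEPT


def realm(request, policy, chain=(TACACSUSERS, UNIQUEDEVICE1)):
    """Return (realm result, per-AuthBy trace) for the given AuthByPolicy."""
    if policy not in POLICIES:
        raise ValueError("policy not modelled: " + policy)
    result, trace = REJECT, []
    for users in chain:
        result = auth_by_file(users, request)
        trace.append(result)
        # ContinueUntilAccept stops at the first ACCEPT;
        # ContinueAlways never stops early, so the last AuthBy decides.
        if policy == "ContinueUntilAccept" and result == ACCEPT:
            break
    return result, trace


if __name__ == "__main__":
    nas = "111.111.111.111"  # constructed request value
    for user in ("UserOne", "UserTwo", "UserThree"):
        req = {"User-Name": user, "NAS-IP-Address": nas}
        for policy in POLICIES:
            print(user, policy, realm(req, policy))
```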