[RADIATOR] group DEFAULT. No matching AuthorizeGroup rule
Heikki Vatiainen
hvn at open.com.au
Mon Nov 19 15:32:42 CST 2012
On 11/19/2012 10:13 AM, Murat Bilal wrote:
> <ServerTACACSPLUS>
> GroupMemberAttr OSC-AVPAIR
Hello Murat,
note that you have set GroupMemberAttr to OSC-AVPAIR here.
> <Handler>
> <AuthBy SQL>
> AuthColumnDef 1, OSC-Group-Identifier, reply
Here you are adding OSC-Group-Identifier to the reply. Maybe this should
be OSC-AVPAIR or alternatively you should have GropMemberAttr set to
OSC-Group-Identifier in ServerTACACSPLUS.
Also, since you have not changed AuthSelect from the default, you should
select it to something like
AuthSelect select PASSWORD,TACACSGROUPID from SUBSCRIBERS
and define
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, OSC-Group-Identifier, reply
This will check the request password and and the desired group name to
reply if password check succeeds.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list