[RADIATOR] "IgnoreIfMissing" required?

Hugh Irvine hugh at open.com.au
Sun Jan 20 01:30:37 UTC 2019


Hi Christian -

You can use multiple entries like this (which is what Radiator actually does):


DEFAULT User-Name = /…../
	…..

DEFAULT1 User-Name = /…../
	…..

DEFAULT2 User-Name = /…../
	……

regards

Hugh


this users file


DEFAULT User-Name = /hugh/
        Reply-Message = DEFAULT

DEFAULT1 User-Name = /christian/
        Reply-Message = DEFAULT1


gives this


TiTi:Radiator-4.22 hugh$ perl radpwtst -user hugh -noacct

sending Access-Request
Sun Jan 20 12:25:46 2019: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51846 ....
Code:       Access-Request
Identifier: 128
Authentic:  <140><155>?c<169><233><232><186>)O<187><209>x<198>O;
Attributes:
	User-Name = "hugh"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Identifier = "203.63.154.1"
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = <249><192><157><15>A?<208><174><205><136>K<22>[<243><173>J

Sun Jan 20 12:25:46 2019: DEBUG: Handling request with Handler '', Identifier ''
Sun Jan 20 12:25:46 2019: DEBUG: SessINTERNAL: Deleting session for hugh, 203.63.154.1, 1234
Sun Jan 20 12:25:46 2019: DEBUG: Handling with Radius::AuthFILE: 
Sun Jan 20 12:25:46 2019: DEBUG: Radius::AuthFILE looks for match with hugh [hugh]
Sun Jan 20 12:25:46 2019: DEBUG: Radius::AuthFILE REJECT: No such user: hugh [hugh]
Sun Jan 20 12:25:46 2019: DEBUG: Radius::AuthFILE looks for match with DEFAULT [hugh]
Sun Jan 20 12:25:46 2019: DEBUG: Radius::AuthFILE ACCEPT: : DEFAULT [hugh]
Sun Jan 20 12:25:46 2019: DEBUG: AuthBy FILE result: ACCEPT, 
Sun Jan 20 12:25:46 2019: DEBUG: Access accepted for hugh
Sun Jan 20 12:25:46 2019: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51846 ....
Code:       Access-Accept
Identifier: 128
Authentic:  <23>:P<234>r_UQ<27>_<248><162><138><132>e<151>
Attributes:
	Reply-Message = "DEFAULT"

OK

TiTi:Radiator-4.22 hugh$ perl radpwtst -user christian -noacct

sending Access-Request
Sun Jan 20 12:26:01 2019: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 50283 ....
Code:       Access-Request
Identifier: 198
Authentic:  <217><14> &<250>CJ<225><150>l<190><255>X>)_
Attributes:
	User-Name = "christian"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Identifier = "203.63.154.1"
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = 4<14><171><244>>+<239><24>p<208><211><23>jl6<16>

Sun Jan 20 12:26:01 2019: DEBUG: Handling request with Handler '', Identifier ''
Sun Jan 20 12:26:01 2019: DEBUG: SessINTERNAL: Deleting session for christian, 203.63.154.1, 1234
Sun Jan 20 12:26:01 2019: DEBUG: Handling with Radius::AuthFILE: 
Sun Jan 20 12:26:01 2019: DEBUG: Radius::AuthFILE looks for match with christian [christian]
Sun Jan 20 12:26:01 2019: DEBUG: Radius::AuthFILE REJECT: No such user: christian [christian]
Sun Jan 20 12:26:01 2019: DEBUG: Radius::AuthFILE looks for match with DEFAULT [christian]
Sun Jan 20 12:26:01 2019: DEBUG: Radius::AuthFILE REJECT: Check item User-Name expression '/hugh/' does not match 'christian' in request: DEFAULT [christian]
Sun Jan 20 12:26:01 2019: DEBUG: Radius::AuthFILE looks for match with DEFAULT1 [christian]
Sun Jan 20 12:26:01 2019: DEBUG: Radius::AuthFILE ACCEPT: : DEFAULT1 [christian]
Sun Jan 20 12:26:01 2019: DEBUG: AuthBy FILE result: ACCEPT, 
Sun Jan 20 12:26:01 2019: DEBUG: Access accepted for christian
Sun Jan 20 12:26:01 2019: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 50283 ....
Code:       Access-Accept
Identifier: 198
Authentic:  D<146>.<209> <193><134>}n<165> <16><22><137>n<186>
Attributes:
	Reply-Message = "DEFAULT1"

OK


> On 20 Jan 2019, at 10:24, Christian Meutes <christian at errxtx.net> wrote:
> 
> Hi Hugh.
> 
> On Sat, Jan 19, 2019 at 10:52 PM Hugh Irvine <hugh at open.com.au> wrote:
>> Well, you can have multiple DEFAULT entries like this:
>> 
>> 
>> DEFAULT User-Name = /something/
>>        ……
>> 
>> DEFAULT User-Name = /whatever/
>>        …..
>> 
>> and so on.
>> 
>> Does that work for you?
> 
> the RADMIN 'RADUSERS'-table has an index on the 'USERNAME'-column
> which has the unique constraint. Creating multiple users with
> 'DEFAULT' as username doesn't work there. :-(
> 
> Thanks
> -- 
> Christian


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.



More information about the radiator mailing list