guest acces?
Matt Ashfield
mda at unb.ca
Thu Mar 1 19:07:58 CET 2007
Hi,
I'm using EAP-TTLS-PAP aginst LDAP, however I want to provide guest access
to users without adding these users to the LDAP directory.
I know I could add them as local users to the /etc/raddb/users file, but
that would involve a SIGHUP, and I'd prefer to avoid that if I could.
Instead, what I'd like to do is create a user account on the radius server
itself (with nologin, and an expiry, no rights, etc..). This could be done
"on-the-fly" and therefore require no such SIGHUP.
Now I know Alan does not recommend DEFAULT Auth-Type, but for here, I think
it might be necessary. So in my users file, I added the following:
DEFAULT Auth-Type := System
Fall-Through = Yes
Thinking that would allow my users who have accounts on the server to login.
However, that is not working because in the logs in debug mode I see:
Debug: modcall: group authorize returns ok for request 0
Debug: rad_check_password: Found Auth-Type System
Debug: auth: type "System"
Debug: ERROR: Unknown value specified for Auth-Type. Cannot perform
requested action.
Debug: auth: Failed to validate the user.
I'm sure it's something small I'm missing, but can't find it. That or this
is not possible and I'm missing the reason why for that too!
Any advice is appreciated.
Thanks
Matt
mda at unb.ca
More information about the Freeradius-Users
mailing list