Getting groups to work, from a group file
Madsen.Jan JMD
JMD at kmd.dk
Thu Jul 15 09:11:20 CEST 2010
Hello FreeRadius users
I'm trying to get some group stuff working in freeradius.
I want to check a group file for which group a user is a member of, and
after that send specific commands back to the radius client, on behalf
of which group the client is a member of.
I can't get freeradius to do the correct check on my Group variable in
my users file, and I can't figure out what I'm missing or what I'm doing
wrong.
I have done the following:
Added my group file to the passwd module
passwd groups {
        filename = /etc/freeradius/radius-groups
        format = "Group:::*,User-Name"
        hashsize = 0
        delimiter = :
        ignorenislike = yes
        allowmultiplekeys = yes
}
My group file looks like this
wcs-superadmin:x:1:admin
wcs-monitors:x:2:jmd
I have done the following in my users file to send the specific data
back to the radius client where my check relies on what the Group
variable contains.
DEFAULT NAS-IP-Address == 172.31.254.4, Group == "wcs-superadmin"
        Cisco-AVPair += 'Wireless-WCS:role0=SuperUsers',
        Cisco-AVPair += 'Wireless-WCS:task0=Users and Groups',
        Cisco-AVPair += 'Wireless-WCS:task1=Audit Trails'

DEFAULT NAS-IP-Address == 172.31.254.4, Group == "wcs-monitors"
        Cisco-AVPair += 'Wireless-WCS:task0=Users and Groups',
        Cisco-AVPair += 'Wireless-WCS:task1=Audit Trails'
When I run a debug I get the following information
rad_recv: Access-Request packet from host 127.0.0.1 port 33646, id=62, length=55
User-Name = "jmd"
User-Password = "password"
NAS-IP-Address = 172.31.254.4
NAS-Port = 0
Thu Jul 15 09:09:10 2010 : Info: +- entering group authorize {...}
Thu Jul 15 09:09:10 2010 : Info: ++[preprocess] returns ok
Thu Jul 15 09:09:10 2010 : Info: [kmdov3] Added crypt-Password: 'crpyt-password' to config_items
Thu Jul 15 09:09:10 2010 : Info: ++[kmdov3] returns ok
Thu Jul 15 09:09:10 2010 : Info: [groups] Added Group: 'wcs-monitors' to config_items
Thu Jul 15 09:09:10 2010 : Info: ++[groups] returns ok
Thu Jul 15 09:09:10 2010 : Info: ++[chap] returns noop
Thu Jul 15 09:09:10 2010 : Info: ++[mschap] returns noop
Thu Jul 15 09:09:10 2010 : Info: [suffix] No '@' in User-Name = "jmd", looking up realm NULL
Thu Jul 15 09:09:10 2010 : Info: [suffix] No such realm "NULL"
Thu Jul 15 09:09:10 2010 : Info: ++[suffix] returns noop
Thu Jul 15 09:09:10 2010 : Info: [eap] No EAP-Message, not doing EAP
Thu Jul 15 09:09:10 2010 : Info: ++[eap] returns noop
Thu Jul 15 09:09:10 2010 : Info: ++[files] returns noop
Thu Jul 15 09:09:10 2010 : Info: ++[expiration] returns noop
Thu Jul 15 09:09:10 2010 : Info: ++[logintime] returns noop
Thu Jul 15 09:09:10 2010 : Info: ++[pap] returns updated
Thu Jul 15 09:09:10 2010 : Info: Found Auth-Type = PAP
Thu Jul 15 09:09:10 2010 : Info: +- entering group PAP {...}
Thu Jul 15 09:09:10 2010 : Info: [pap] login attempt with password "password"
Thu Jul 15 09:09:10 2010 : Info: [pap] Using CRYPT encryption.
Thu Jul 15 09:09:10 2010 : Info: [pap] User authenticated successfully
Thu Jul 15 09:09:10 2010 : Info: ++[pap] returns ok
Thu Jul 15 09:09:10 2010 : Info: +- entering group post-auth {...}
Thu Jul 15 09:09:10 2010 : Info: ++[exec] returns noop
Sending Access-Accept of id 62 to 127.0.0.1 port 33646
Thu Jul 15 09:09:10 2010 : Info: Finished request 1.
As you can see, the Group: variable is set to 'wcs-monitors', which is the
group jmd is a member of. But it never sends the correct data back from
the users file. How do I do that?
Best regards
Jan Madsen
________________________________________________________________________
KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR no. 26911745
KMD is a member of IT-Branchen and Dansk Erhverv and is registered with
Datatilsynet as a data-processing service company. KMD is certified
according to ISO 9001:2000, with Dansk Standard as the certifying body,
and is also a Microsoft Gold Certified Partner and a Certified SAP Hosting
Center.
www.kmd.dk www.kundenet.kmd.dk www.organisator.dk
www.kmdinternational.com
If you received this e-mail by mistake, please notify me and delete it.
Thank you.
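
The lookup configured in the post, emulated as an added example (not part of the original message and not FreeRADIUS code). It assumes the format rules from the rlm_passwd documentation: `*` marks the key column, `*,` a comma-separated key column, and a `=` or `~` prefix sends the attribute to the reply or request list instead of config_items; the function names are hypothetical.

```python
FORMAT = "Group:::*,User-Name"                      # format line from the post
GROUP_FILE = "wcs-superadmin:x:1:admin\nwcs-monitors:x:2:jmd\n"  # from the post


def parse_format(fmt, delimiter=":"):
    """Return (fields, key_index, multi); a field is (name, list) or None."""
    fields, key_index, multi = [], None, False
    for i, spec in enumerate(fmt.split(delimiter)):
        if spec.startswith("*"):                    # key column
            key_index, spec = i, spec[1:]
            if spec.startswith(","):                # key holds a,b,c lists
                multi, spec = True, spec[1:]
        target = "config_items"                     # default: check items
        if spec.startswith("="):
            target, spec = "reply_items", spec[1:]
        elif spec.startswith("~"):
            target, spec = "request_items", spec[1:]
        fields.append((spec, target) if spec else None)
    if key_index is None:
        raise ValueError("format has no key column marked with '*'")
    return fields, key_index, multi


def lookup(user, fmt=FORMAT, text=GROUP_FILE, delimiter=":"):
    """Return [(attribute, value, list)] the module would add for `user`."""
    fields, key_index, multi = parse_format(fmt, delimiter)
    added = []
    for line in text.splitlines():                  # every matching row applies
        cols = line.split(delimiter)
        if len(cols) <= key_index:
            continue                                # row lacks the key column
        keys = cols[key_index].split(",") if multi else [cols[key_index]]
        if user not in keys:
            continue
        for i, field in enumerate(fields):
            if field and i != key_index and i < len(cols):
                added.append((field[0], cols[i], field[1]))
    return added


if __name__ == "__main__":
    # Matches the debug line "[groups] Added Group: 'wcs-monitors' to config_items"
    print(lookup("jmd"))
```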