Quick update. <br>Although the radius server no longer accepts blank passwords, i now have a problem where users who belong to groups which are not allowed to access nas devices in certain huntgroups can now do so.<br>Any ideas?<br>
<br><div class="gmail_quote">On Thu, Jan 21, 2010 at 7:14 PM, Satyam Mathura <span dir="ltr"><<a href="http://satz.sm">satz.sm</a>@<a href="http://gmail.com">gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The reason i had those configs was because they were outlined as steps to reject authentication by default in the guide i was using.<div class="im"><br><a href="http://wiki.freeradius.org/SQL_Huntgroup_HOWTO" target="_blank">http://wiki.freeradius.org/SQL_Huntgroup_HOWTO</a><br>
<br></div><span style="color: rgb(51, 51, 255);">"Note: If you want to reject authentication by default then edit the
raddb/users file and add this:
</span>
<pre style="color: rgb(51, 51, 255);">DEFAULT Auth-Type := Reject<br></pre>
<p style="color: rgb(51, 51, 255);">Then add Auth-Type Accept with := as op in radgroupcheck for each group"</p><p><br></p><p>I've commented out the DEFAULT Auth-Type := Reject in the users file<br></p><p>and removed the Auth-Type := Accept from the radgroupcheck table and the server no longer accepts a blank password.</p>
<p><br></p><p>Guide is incorrect or needs updating?</p><p>Thanks for the help guys.<br></p><div><div></div><div class="h5"><p><br></p><p><br></p><p><br></p><p><br></p><p><br></p><div class="gmail_quote">On Thu, Jan 21, 2010 at 6:58 PM, Bjørn Mork <span dir="ltr"><<a href="mailto:bjorn@mork.no" target="_blank">bjorn@mork.no</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>Satyam Mathura <<a href="http://satz.sm" target="_blank">satz.sm</a>@<a href="http://gmail.com" target="_blank">gmail.com</a>> writes:<br>
<br>
> Line 204 in my users file is the following:<br>
> DEFAULT Auth-Type := Reject<br>
<br>
</div>You don't want that. It removes the server's ability to figure it out<br>
by itself.<br>
<div><br>
<br>
> my radgroupcheck config:<br>
> +----+------------------+----------------+----+----------------+<br>
> | id | groupname | attribute | op | value |<br>
> +----+------------------+----------------+----+----------------+<br>
> | 5 | engineeringadmin | Huntgroup-Name | == | admin |<br>
> | 6 | engineeringadmin | Auth-Type | := | Accept |<br>
<br>
</div>Why? This will make the server act as you describe: Any username in the<br>
engineeringadmin group will be accepted regardless of password.<br>
<font color="#888888"><br>
<br>
Bjørn<br>
</font><div><div></div><div><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a></div></div></blockquote></div><br>
</div></div></blockquote></div><br>