[Fwd: rlm_passwd & realms]

Edgars edzix19 at inbox.lv
Mon Jun 6 15:06:28 CEST 2005 

Alan or Kevin,

found this possible to be done with Autz-Type.

First, I have one passwd file which  should check the following things:

passwd edg_check {
            filename = /etc/freeradius/pass_check
            format = "*Realm:~NAS-IP-Address:Autz-Type"

        }

The name of this passwd I have put in authorize section. In the same 
section I have also created an Autz-Type, like follows:

authorzie{
  preprocess
  mschap
  chap
  suffix
  edg_check
  Autz-Type mt {
     edg_pass
     edg_pass_group
  }
}

So the content of the 'edg_check' is 'mt:10.5.8.102:mt'.
Seems that somewhere is mistake caus' receiving in the debug screen the 
following information (pay attention to "rlm_passwd: *Unable to create 
Autz-Type: mt*". What could it mean?):
.........................
 rlm_realm: Looking up realm "mt" for User-Name = "edg at mt"
    rlm_realm: Found realm "mt"
    rlm_realm: Adding Stripped-User-Name = "edg"
    rlm_realm: Proxying request from user edg to realm mt
    rlm_realm: Adding Realm = "mt"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
rlm_passwd: *Unable to create Autz-Type: mt*
rlm_passwd: Added NAS-IP-Address: '10.5.8.102' to request_items
  modcall[authorize]: module "edg_check" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the 
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [edg/edg] (from client lalala port 0 cli 10.5.8.106)

Thanks a lot,

Edgars



Alan DeKok wrote:

>Edgars <edzix19 at inbox.lv> wrote:
>  
>
>>i had a thought that I could make so that all my users would have an
>>access to different servers (realms) with possibility to have
>>different passwords. So, I have no idea how to make this except the
>>thought I wrote in one of my today e-mails (about if statement).
>>    
>>
>
>  It's hard, and it's problematic.  I would not recommend doing this.
>
>  Alan DeKok.
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>  
>

More information about the Freeradius-Users mailing list