denying access to user from device
Rob Shepherd
rob at techniumcast.com
Fri Sep 15 13:09:23 CEST 2006
Garrett.Marks at wichita.edu wrote:
>
>
>
> > Rob Shepherd wrote:
> > TYPO!
> >
> > DEFAULT HuntGroup-Name == ciscovpnc
> > Autz-Type := ldap
> >
> > ...is how it looks in raddb/user.
>
> You need to put the Autz-Type on the first line as a check item.
>
> DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap

Thanks to Alan D. and Garret M. for their comments.

However, neither ldap nor sql are checked at all in any case now. I've
not quite got it right....

I've since ditched declaring raddb/huntgroups, as a simplifying
exercise. I'm checking for NAS-IP-Address instead in raddb/users.

raddb/users now looks like this:

DEFAULT Auth-Type := PAP
        Fall-Through = yes

# wlan controller - needs LDAP and MySQL
DEFAULT NAS-IP-Address == 172.16.6.4, Autz-Type := LDMS
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Fall-Through = yes

# vpn concentrator - only LDAP
DEFAULT NAS-IP-Address == 10.1.33.4, Autz-Type := LDAP
        Fall-Through = yes

radiusd has this..
authorize {
        preprocess
        eap
        mschap
        Autz-Type LDAP {
                ldap
        }
        Autz-Type LDMS {
                ldap
                sql
        }
}

The modules section is as it was when wireless was working. I can see
with -X that the ldap and sql modules are instantiated fine.
Here's the only processing that is done.
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
If anybody would be so kind as to point me in the right direction....
Thanks IA
Rob
--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
rob at techniumcast.com | 01248 675024 | 077988 72480
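
Added example, not part of the original thread and not FreeRADIUS project code: a lint for the rule Garrett states above, that Autz-Type (and likewise Auth-Type) goes on an entry's first line as a check item rather than on an indented reply line. The sample entries are constructed from the quoted text; the function name, the attribute set and the plain '#' comment stripping are assumptions of this example.

```python
import re

# Attributes that select server processing; in raddb/users they are check
# items and belong on the first line of an entry (assumed set for this example).
CONTROL_ATTRS = {"Auth-Type", "Autz-Type"}
ITEM_RE = re.compile(r"^\s*([A-Za-z0-9-]+)\s*(:=|==|\+=|=)")

# Constructed sample: the entry from the quoted "TYPO!" text, then the fix.
SAMPLE = """\
# vpn concentrator
DEFAULT HuntGroup-Name == ciscovpnc
\tAutz-Type := ldap

DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap
\tFall-Through = yes
"""


def lint_users(text):
    """Return (line_no, entry_name, attribute) for every control attribute
    that sits on an indented reply line instead of the entry's first line."""
    findings = []
    entry = None
    for no, raw in enumerate(text.splitlines(), 1):
        # Assumption: '#' starts a comment (no '#' inside quoted values).
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line opens a new entry: "<name> <check items>".
            entry = line.split()[0]
            continue
        # Indented lines carry comma-separated reply items.
        for item in line.split(","):
            m = ITEM_RE.match(item)
            if m and entry is not None and m.group(1) in CONTROL_ATTRS:
                findings.append((no, entry, m.group(1)))
    return findings


if __name__ == "__main__":
    for no, entry, attr in lint_users(SAMPLE):
        print(f"line {no}: {attr} is a reply item of entry {entry}; "
              "move it to the entry's first line")
```
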