How to reject when a user logs in without realm?

Navin navin.kumar at freescale.com
Thu Jul 16 15:07:35 CEST 2009


At 08:00 PM 7/15/2009, you wrote:
> >    Hope you are referring to
> > realm freescale.com {
> >            type            = radius
> >            authhost        = LOCAL
> >            accthost        = LOCAL
> >
> > present in the radiusd.conf file. Removed it. Restarted the freeradius
> > server.
> >
> > The user file contains
> > navin at freescale.com Cleartext-Password := "navin123"
> >
> > Even then, when tested with the radtest tool, the users "navin" &
> > "navin at freescale.com"
> > are both getting authenticated. I would prefer only
> > navin at freescale.com get authenticated
> > and user "navin" should get rejected.
>
>There is something else there then as well. Post the debug for navin. You
>can probably safely disable suffix as well. But let's first see what is
>stripping the username. There is nothing in the default configuration that
>does that.

Navin wrote:
    Thanks for suggesting the debug option. What was probably happening was
that the users file is by default configured to look into the unix password
database (/etc/passwd), and it so happens that my machine has the same user and
userpasswd as the radius access request info.
Hence the login for "navin" as well as "navin at freescale.com" was getting
authenticated.

users file snippet of unix password database:

#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = System
         Fall-Through = 1

The debug option helped me see that I was hitting the above lines
when I logged in as "navin".

Thanks.

Have a nice day,
navin

>Ivan Kalik
>Kalik Informatika ISP