SV: Getting groups to work, from a group file

Madsen.Jan JMD JMD at kmd.dk
Thu Jul 15 10:49:59 CEST 2010 

Thanks for answer Alan

I did change the variable to the following
Etc_group module file
passwd radius_group {
        filename = /etc/freeradius/radius-groups
        format = "Radius1-Group:::*,User-Name"
        hashsize = 50
        ignorenislike = yes
        allowmultiplekeys = yes
        delimiter = ":"
}

Added the following to dictionary file
ATTRIBUTE       Radius1-Group           3003    string

Changed the users file
DEFAULT         NAS-IP-Address == 172.31.254.4, Radius1-Group == "wcs-superadmin" 
                Cisco-AVPair += 'Wireless-WCS:role0=SuperUsers'

DEFAULT         NAS-IP-Address == 172.31.254.4, Radius1-Group == "wcs-monitors" 
                Cisco-AVPair += 'Wireless-WCS:task0=Users and Groups'

And still the debug looks the same Radius1-Group is getting set to the correct "group-name" but the +files returns noop
[kmdov3] Added crypt-Password: 'crypt-password' to config_items 
Thu Jul 15 10:47:45 2010 : Info: ++[kmdov3] returns ok
Thu Jul 15 10:47:45 2010 : Info: [radius_group] Added Radius1-Group: 'wcs-monitors' to config_items 
Thu Jul 15 10:47:45 2010 : Info: ++[radius_group] returns ok
Thu Jul 15 10:47:45 2010 : Info: ++[chap] returns noop
Thu Jul 15 10:47:45 2010 : Info: ++[mschap] returns noop
Thu Jul 15 10:47:45 2010 : Info: [suffix] No '@' in User-Name = "jmd", looking up realm NULL
Thu Jul 15 10:47:45 2010 : Info: [suffix] No such realm "NULL"
Thu Jul 15 10:47:45 2010 : Info: ++[suffix] returns noop
Thu Jul 15 10:47:45 2010 : Info: [eap] No EAP-Message, not doing EAP
Thu Jul 15 10:47:45 2010 : Info: ++[eap] returns noop
Thu Jul 15 10:47:45 2010 : Info: ++[files] returns noop
Thu Jul 15 10:47:45 2010 : Info: ++[expiration] returns noop
Thu Jul 15 10:47:45 2010 : Info: ++[logintime] returns noop
Thu Jul 15 10:47:45 2010 : Info: ++[pap] returns updated
Thu Jul 15 10:47:45 2010 : Info: Found Auth-Type = PAP
Thu Jul 15 10:47:45 2010 : Info: +- entering group PAP {...}
Thu Jul 15 10:47:45 2010 : Info: [pap] login attempt with password "password"
Thu Jul 15 10:47:45 2010 : Info: [pap] Using CRYPT encryption.
Thu Jul 15 10:47:45 2010 : Info: [pap] User authenticated successfully
Thu Jul 15 10:47:45 2010 : Info: ++[pap] returns ok
Thu Jul 15 10:47:45 2010 : Info: +- entering group post-auth {...}
Thu Jul 15 10:47:45 2010 : Info: ++[exec] returns noop
Sending Access-Accept of id 216 to 127.0.0.1 port 33716

Does it looks like I'm missing something somewhere ?

Best regards
Jan Madsen

-----Oprindelig meddelelse-----
Fra: freeradius-users-bounces+jmd=kmd.dk at lists.freeradius.org [mailto:freeradius-users-bounces+jmd=kmd.dk at lists.freeradius.org] På vegne af Alan DeKok
Sendt: 15. juli 2010 10:30
Til: FreeRadius users mailing list
Emne: Re: Getting groups to work, from a group file

Madsen.Jan JMD wrote:
> I want to check a group file for witch group a user is member off, and
> after that send specific commands back to the radius client, on behalf
> of witch group the client is a member of.
> 
> I can’t get freeradius to do the correct check on my Group variable in
> my users file, and I can’t figure out what I’m missig or what I’m doing
> wrong.

  The "Group" and "Group-Name" attributes have pre-defined meanings.
Don't use them,.


> I have done the following
...
>         format = "Group:::*,User-Name"

  No.  See raddb/modules/etc_group for a *working* example of a group
configuration.  See "man rlm_passwd" for more documentation on the same
subject.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________________________________________________
KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 

KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden Microsoft Gold Certified Partner og Certificeret SAP Hosting Center.

www.kmd.dk   www.kundenet.kmd.dk   www.organisator.dk   www.kmdinternational.com

Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig besked herom og slette den.
If you received this e-mail by mistake, please notify me and delete it. Thank you.
__________________________________________________________________________________________
KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 

KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden Microsoft Gold Certified Partner og Certificeret SAP Hosting Center.

www.kmd.dk   www.kundenet.kmd.dk   www.organisator.dk   www.kmdinternational.com

Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig besked herom og slette den.
If you received this e-mail by mistake, please notify me and delete it. Thank you.

More information about the Freeradius-Users mailing list