[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: FreeRADIUS with DEFAULT user
From:       Kostas Kalevras <kkalev () noc ! ntua ! gr>
Date:       2002-12-28 10:35:51
[Download RAW message or body]

On Wed, 25 Dec 2002, Fernando Teodoro wrote:

> > Check out the default_user_profile directive in sql.conf. This feature has
> been
> > added in the latest versions of the sql module. The comments in sql.conf
> should
> > also be very helpfull.
> Ok, I've found it. After some tests, I've reached the situation: default
> profile works, in fact. But in my case, I need to set up a default profile
> with Auth-Type=Accept; the problem is FreeRadius applies default profile to
> all users, BEFORE verifying radcheck table. This way, everybody can log in,
> with any password, and falls in default profile.
> In this point, IC-Radius is more intelligent (or I'm more stupid, and didn't
> find the way): IC verifies radcheck table BEFORE, and if the supplied
> credentials are ok, authenticates the registered user; otherwise - since the
> credentials aren't in radcheck tables - the user falls in DEFAULT scope,
> going to a group according with radgroup table (where I can setup different
> pool, NAS filter, and so on)
>
> This is the puzzle. Maybe I've missed something, but as far as I've gone,
> there's no way to:
> a) if the login/pass EXISTS in radcheck, authenticate the user with the
> credentials;
> b) OTHERWISE, apply group features to this user, now a DEFAULT user.

Check out the query_on_not_found directive. The DEFAULT profile is queried
last *after* the check/reply tables. You can use that directive to also query
the DEFAULT profile when the user is not found.

>
> If there's any way to do this, I'll be very helpful. FreeRadius seems to be
> more functional than ICradius, but for now, I've switched back.
>
>
>
> -- Fernando
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras		Network Operations Center
kkalev@noc.ntua.gr	National Technical University of Athens, Greece
Work Phone:		+30 210 7721861
'Go back to the shadow'	Gandalf


[prev in list] [next in list] [prev in thread] [next in thread]