You didn't say where you created the groups.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

sorry, I've added the following into the users file.

Users File
DEFAULT Group == "Read-Access"
Cisco-AVPair == 'shell:priv-lvl=7',
User-Name = user1,
User-Name = user2

DEFAULT Group == "Full-Access"
Cisco-AVPair == 'shell:priv-lvl=15',
User-Name = user1,
User-Name = user2

user1 Auth-Type := Local, User-Password == "user1"
Service-Type = Framed-User,
Framed-Protocol = None

user2 Auth-Type := Local, User-Password == "user2"
Service-Type = Framed-User,
Framed-Protocol = None

superuser Auth-Type := Local, User-Password == "superuser"
Service-Type = Framed-User,
Cisco-AVPair = 'shell:priv-lvl=15',
Framed-Protocol = None


-----Original Message-----
From: Alan DeKok [mailto:***@ox.org]
Sent: 18 August 2004 15:42
To: freeradius-***@lists.freeradius.org
Subject: Re: Creating Groups
You didn't say where you created the groups.

Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Sorry Alan I didn't mean to offend,

Although I must admit that I did wonder if you had missed it as I did state
that they were declared in the users file.

Am I right in thinking that I also need to declare the groups elsewhere,
such as my MySQL backend or the local passwd file? Is it enough to simply
declare them in the user file the same way that users are created?

I have also tried creating the groups in the huntgroup file but the same
issue happened where only the superuser can authenticate successfully.

Can you confirm if my declaration of groups is correct are can I assist by
providing any more debug output?

DEFAULT Group == "Read-Access"
Cisco-AVPair == 'shell:priv-lvl=7',
User-Name = user1,
User-Name = user2

DEFAULT Group == "Full-Access"
Cisco-AVPair == 'shell:priv-lvl=15',
User-Name = user1,
User-Name = user2

Many thanks in advance,

Ryan








-----Original Message-----
From: Alan DeKok [mailto:***@ox.org]
Sent: 18 August 2004 16:12
To: freeradius-***@lists.freeradius.org
Subject: Re: Creating Groups
...

That's nice. You already posted it. Did you think I didn't read it?

As I said before, you didn't say where you created the groups.

Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hi,

Have you got any ideas on what may be wrong with my group declaration?

Many Thanks in advance for you time.

Ryan

-----Original Message-----
From: Ryan Moreton [mailto:***@dxi.net]
Sent: 18 August 2004 16:33
To: 'freeradius-***@lists.freeradius.org'
Subject: RE: Creating Groups


Sorry Alan I didn't mean to offend,

Although I must admit that I did wonder if you had missed it as I did state
that they were declared in the users file.

Am I right in thinking that I also need to declare the groups elsewhere,
such as my MySQL backend or the local passwd file? Is it enough to simply
declare them in the user file the same way that users are created?

I have also tried creating the groups in the huntgroup file but the same
issue happened where only the superuser can authenticate successfully.

Can you confirm if my declaration of groups is correct are can I assist by
providing any more debug output?

DEFAULT Group == "Read-Access"
Cisco-AVPair == 'shell:priv-lvl=7',
User-Name = user1,
User-Name = user2

DEFAULT Group == "Full-Access"
Cisco-AVPair == 'shell:priv-lvl=15',
User-Name = user1,
User-Name = user2

Many thanks in advance,

Ryan








-----Original Message-----
From: Alan DeKok [mailto:***@ox.org]
Sent: 18 August 2004 16:12
To: freeradius-***@lists.freeradius.org
Subject: Re: Creating Groups
...

That's nice. You already posted it. Did you think I didn't read it?

As I said before, you didn't say where you created the groups.

Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Alan,

Could you therefore please direct me to where it clearly defines in the
documentation how to declare groups using the configuration files (not an
external system file or SQL Backend) in the same way that users are defined?


It is therefore my understanding that I have to declare groups completely
separate to the way that users are defined and have to add the groups into
an external file on the system i.e. /etc/groups or by creating them on the
SQL backend. This is thanks to the response from another mailing list user
(Many Thanks for this :) )

Can you confirm if this is correct?

You are correct in that nothing in the documentation makes me believe that
the "Group" attribute can be used to declare groups, but then again I cannot
find anything in the documentation informing me how to successfully declare
groups and it does appear to be a very undocumented area.

It would be more helpful if you had informed me of this in the first place
rather than writing what I consider rude responses assuming I hadn't already
looked at the FAQ's.

I have always thought that these mailing lists were to help assist with
problems. I never expected the type of responses I got from you, from what I
consider a legitimate question.

In summary Alan, you have been as useful as a hole in the head.

Thank god not everybody on this mailing list is the same.

Ryan



-----Original Message-----
From: Alan DeKok [mailto:***@ox.org]
Sent: 19 August 2004 15:52
To: freeradius-***@lists.freeradius.org
Subject: Re: FW: Creating Groups
You are not declaring groups. Nothing in the documentation leads
you to believe that the "Group" attribute can be used to declare
groups.

See the FAQ for examples of what the "Group" attribute is, and what
it does.

Alan DeKok.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

You started off by NOT describing what you wanted to do, which meant
that it was impossible to help you.

If you don't like the answers to badly formed questions, then ask
better questions.

I would have thought it was quite clear what I wanted to do.
I quote from my original mail "I want to create a group with a Cisco AV Pair
privilege level of seven and
another group with a privilege level of 15 within the users file." RTFE



Sadly, I *do* expect people like you to ask useless questions, to
refuse to follow directions, and then to get angry when their
questions are answered, or when they get told to RTFM.

I'm not angry, I just think that there is no excuse to be rude to somebody
who is trying to work something out and asking for assistance. I honestly
believed that is what this mailing list was all about. Remember "Manners
don't cost anything!"



I wrote large portions of the server, the documentation, and I
answer a large number of questions in this list. If you don't like
the work I've done, you don't have to use any of it. I'm going to be
around, and contributing to the server, long after you've disappeared
into the vacuum from which you came.

Congratulations on your achievements, if you could also e-mail me a copy
your CV it would be highly appreciated.
I wasn't complaining about the work you've done, I just think it's a shame
that your not willing to help people in a polite manner.


And insulting the one person who answered your question is not a terribly
bright thing to do.
The only stupid thing I've done is to waste my time responding to you, but
I'm pretty sure I haven't heard the last of it.

Ryan (Vacuum Owner)


Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Id agree - manners cost nothing.
Remember no question is irrelevant or stupid, however withholding knowledge
highlights peoples insecurities
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Alan is right!.. This list isn't for paying customers that pay for a support
contract (NOTE THE NAME "FREE RADIUS") . I been following the whole thread
and you must not have read through the documentation.. and because you have
not taken the time to read the information that was written for this purpose
you are wasting people's time...
If you don't understand after you have read it then that’s something else...
It sounds like you have not read the docs... then have received the
appropriate direction and still refuse to learn...
That’s unfortunate...

Because of this you have wasted Alan's time and taken his information from
the rest of the list that has questions .. that have taken the time to read
the docs..

Alan... thanx for you hard work.. pay no attention to the unappreciative..


Cris


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 8/11/2004



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

How can you assume "it sounds like you havent read the docs" - and if YOU
understood the question then why didnt you answer to alleviate Allans time?
If people arent willing to pass their understanding on, then your right
whats the point!. Lets all go out and buy a more robust, stable
authentication device with professional support contracts.
Id rather factor this cost into my solution than come up against the mails
Ive seen recently

Anyone can know -- the point is to understand
Albert Einstein
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hi,

I would like to clarify a few things before Alan continues to make
accusation about me, which I consider unfair and unjustified. I hope that
anybody who is having trouble with group authentication can get some sense
out of this messy conversation. I apologise in advance for this e-mail being
non-technical, but I do hope that if anybody is having issues with groups
then it can become of some assistance. I also hope that nobody else has been
offended by any of the messages posted on this matter.

Firstly I would like to point out that I did read the documentation and the
FAQ's. I found some of the documentation very useful and it allowed me to
create users and point my dialup users to the MySQL backend with little
fuss. I am new to freeradius and as with learning about most things, I
occurred some problems trying to create groups not using the SQL backend.
Creating groups from within the configuration files is not as straight
forward as creating users. You have to either use the local group file or
create an additional file where you can group the users or you can use the
SQL backend.

In my eyes the creating of groups is not documented well and I did make the
mistake of assuming that groups could be created in the users file, hence my
original question "What have I done wrong?" Please see original e-mail.

Whilst looking on the website I assumed that this mailing list could be used
to assist with configuration problems, such as this and posted a question
asking what I had done wrong?

I certainly never expected the responses to be rude and it has now got to
the point where Alan keeps posting derogatory things making assumptions
about who I am. I have not got angry at any stage throughout this discussion
and I can not be blamed for expecting responses not to be rude. His whole
argument is that just because the support is free it somehow gives him
permission to act in that way.

Nobody else's acted in the way you did Alan and I shouldn't see why I should
put up with that simply because I don't fully understand something and I'm
asking for help. I certainly don't want you to "kiss my arse" as you so
politely put it.

Alan never at any stage pointed out what I had done wrong, infact Alan all
your responses to me were not any help whatsoever and I can't help feeling
that this is why you have reverting to acting in this manner. I didn't
understand how groups were declared from within the configuration files
bundled with free radius, I don't expect somebody to do all the work for me,
all I was after was if somebody had some knowledge on what I had done wrong.

I now understand that I have to create the groups separately in the
/etc/groups file and use the users file to assign attributes to the groups.
In my example I wanted to create different privilege levels to different
groups, so if anybody wishes to achieve this then separate groups have to be
created external to the configuration files, which come with free radius.
Many thanks to those of you who responded directly to me explaining how this
can be achieved. :)

I hope these responses do not stop other people asking questions about
freeradius in fear of being labelled something.

I can clearly state that I have had excellent responses to my question from
some people on this mailing list.

Ryan



-----Original Message-----
From: Alan DeKok [mailto:***@ox.org]
Sent: 20 August 2004 16:09
To: freeradius-***@lists.freeradius.org
Subject: Re: FW: FW: Creating Groups


(off-list)
I think you are missing the point of my response.

I responded to the original question. I responded politely, and
pointed out what he had done wrong. What he claimed he was trying to
do was the opposite of the examples he posted. The example he posted
indicated that he hadn't read the FAQ, hadn't read "radiusd.conf", and
hadn't read the documentation for the "users" file, which says that
"==" is a COMPARISON, not a CREATION operator.

After I pointed out what he had done wrong, he got angry at me,
accused me of being "rude", and got unnecessarily personal. He wanted
ME to do ALL the work of thinking for him, as he was too lazy or too
stupid to read the documentation. And to make it worse, he wanted me
to kiss his ass during that process.

Hell will freeze over before that happens.

If his ego is too delicate to handle someone telling him he did
something wrong, he can go to hell, too.
I offer professional support contracts, as do others. See the
servers web page.

As for the list, it's *free* support. If you don't like free
support, then pay someone to be nice to you.

My conclusion in all of these situations is that the people who
don't like honest, free, support are the kind of people who are
unwilling to pay for support, and don't, in fact, want their problems
solved. They want people to be "nice" to them, even if it means that
their problems won't get solved.

I hate it when self-righteous blow-hards tell me how to live my life.

Alan DeKok.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

Nice to see you still leaving up to your name
_________________________________________________________________
Get ready for school! Find articles, homework help and more in the Back to
School Guide! http://special.msn.com/network/04backtoschool.armx


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html