Hello, everyone
This is my first post on the Zentyal forums and I would like to share my experience configuring the Radius server.
I have Zentyal 2.2 running on a virtual machine for testing and was playing with it to learn how to configure the basics.
Everything worked very well, but I found a problem with Radius authentication. If the setting for Group allowed to authenticate was set to ALL Users, there were no problems authenticating. However, if I set it to a specific group, like vpn, no user was able to authenticate (the users were part of this group).
After reading the documentation and other posts, I came across this file: /usr/share/zentyal/stubs/radius/users.mas and noticed something in the code. The original file was:
<%args>
$bygroup
$group
</%args>
# /etc/freeradius/users
% if ($bygroup) {
DEFAULT LDAP-Group == <% $group %>
Service-Type := Login-User
DEFAULT Auth-Type := Reject
% } else {
DEFAULT Service-Type := Login-User
% }
I have some previous experience configuring FreeRADIUS as an authentication Radius server for a Vyatta router. I also used LDAP as the users database for that setup, and my users file looked a little different:
DEFAULT LDAP-Group == Vyatta ,Service-Type := Login-User
DEFAULT Auth-Type := Reject
Then I decided to change the users.mas file to generate a users file like the one I had for my Vyatta router and voila! The Radius authentication using a specific group started to work like a charm.
The resulting users.mas file:
<%args>
$bygroup
$group
</%args>
# /etc/freeradius/users
% if ($bygroup) {
DEFAULT LDAP-Group == <% $group %>,Service-Type := Login-User
DEFAULT Auth-Type := Reject
% } else {
DEFAULT Service-Type := Login-User
% }
I hope this could help somebody out there having a similar problem.
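An added example, not part of the original post or of Zentyal's code: a simplified Python model of the users-file layout (an unindented line starts an entry with its check items, indented lines carry reply items) that checks whether a generated /etc/freeradius/users really gates DEFAULT on the LDAP group before the Reject fallback. The function names and the sample file contents are constructed for illustration; this is not FreeRADIUS's own parser.

```python
import re

def parse_users(text):
    """Parse users-file text into entries: name, check items, reply items."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]              # drop comments
        items = [re.sub(r"\s+", " ", i.strip()) for i in line.split(",") if i.strip()]
        if not items:
            continue
        if line[0].isspace():                    # indented: reply items of the entry above
            if entries:
                entries[-1]["reply"].extend(items)
            continue
        # unindented: a new entry, "<name> <check items>"
        name, _, first = items[0].partition(" ")
        checks = ([first] if first else []) + items[1:]
        entries.append({"name": name, "check": checks, "reply": []})
    return entries

def group_enforced(entries, group):
    """True only if DEFAULT is gated on LDAP-Group == group and then rejected."""
    gated = False
    for entry in (e for e in entries if e["name"] == "DEFAULT"):
        if f"LDAP-Group == {group}" in entry["check"]:
            gated = True
        elif "Auth-Type := Reject" in entry["check"]:
            return gated                         # fallback reached: gate must precede it
        else:
            return False                         # a DEFAULT that does not test the group
    return False                                 # no Reject fallback at all

# Constructed samples: output of the post's modified template for group "vpn",
# the same items in the indented (reply item) layout, and the "ALL Users" branch.
FIXED = "DEFAULT LDAP-Group == vpn,Service-Type := Login-User\nDEFAULT Auth-Type := Reject\n"
INDENTED = "DEFAULT LDAP-Group == vpn\n\tService-Type := Login-User\nDEFAULT Auth-Type := Reject\n"
ALL_USERS = "# /etc/freeradius/users\nDEFAULT Service-Type := Login-User\n"

if __name__ == "__main__":
    for label, text in (("fixed", FIXED), ("indented", INDENTED), ("all users", ALL_USERS)):
        parsed = parse_users(text)
        print(label, parsed, "group enforced:", group_enforced(parsed, "vpn"))
```

Running it against the real generated file after changing the group setting confirms that the restriction made it into the FreeRADIUS configuration rather than only into the Zentyal UI.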