cant login without fall-through = 1 ??

Lanny Baron lnb@cybertouch.org
Fri, 28 Sep 2001 15:08:03 GMT 

Hello Mike,
I have having real problems with one of our accounts and RADIUS. Some time 
ago I had mailed the list about DEFAULT. I did get some help. However, all 
night long people are unable to login. It seems that the DEFAULT has to be 
as follows: 

DEFAULT  Simultaneous-Use = 1
       Session-Timeout = 18000,
       Fall-Through = 1 

With the above, people can login. However, there are users above this entry. 
When I say above I mean if you were to vi /etc/raddb/users it would look 
exactly like this: 

user1   Auth-Type = Local, Password = "denvercity"
       Framed-Protocol = PPP,
       Framed-IP-Address = 63.87.216.214,
       User-Service-Type = Framed-User,
#       Session-Timeout = 0 

#
#
user2      Auth-Type = Local, Password = "band99", Simultaneous-Use = 1
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       Framed-IP-Address = 255.255.255.254,
#       Session-Timeout = 0
#
#
# DEFAULT        Simultaneous-Use = 1
DEFAULT  Simultaneous-Use = 1
       Session-Timeout = 18000,
       Fall-Through = 1 

I tried the Session-Timeout = 0 for accounts that are supposed to have full 
time connections. Instead, as soon as they dial in, they get kicked off. But 
with the Session-Timeout commented out, they get kicked after 5 hours which 
is 18,000 seconds. 

What we want is user Auth only  from the users file. And the ability to 
selectively allow people to override the default Timeout. 

There is no typographical error with the lack of a , at the Fall-Through = 1 
but if that must have a comma, please let me know. I can KILL -HUP radisud 
with or without the , on the Fall-Through = 1 line in the default entry. 

Thanks,
Lanny
Where am I going wrong here?
Lanny Baron writes: 

> Hello,
> Why would not having in the DEFAULT Fall-Through = 1 stop users from 
> authenticating if there is a user with correct values.. i.e. password = 
> "blah" ?  
> 
> Our DEFAULT doesn't use Auth-Type as I want users to authenticate from the 
> users file and not the system.  
> 
> Thanks
> Lanny  
> 
> - List info/subscribe/unsubscribe? See http://www.radius.cistron.nl/list/