Hi,

> On 13 Jul 2017, at 15.56, Hartmaier Alexander 
> <alexander.hartma...@t-systems.at> wrote:
> 
> On 2017-07-13 14:19, Tuure Vartiainen wrote:
>> 
>> 
>> So OSC-Authorize-Group attributes define group ids which are allowed to login
>> to that device?
> It's added metadata for the request which includes all groups the device
> is member of.
>> 
>>> A Handler for example matches on OSC-Authorize-Group=123, which works as
>>> long as the device is only member of this single group but not if in
>>> multiple like in the above example.
>>> 
>> How is mapping to user groups done within a handler?
>> 
>> One option could be DynamicCheck which can be used for implementing a group 
>> check?
>> 
>> http://www.open.com.au/radiator/ref/DynamicCheck.html#DynamicCheck
> One handler per group, the AuthBy SQL only includes users authorized for
> that group of devices.
> The goal is to allow everybody in our team to modify the group
> membership through our NMS without any knowledge of Radiator or config
> change there.
> 
> <Handler Client-Identifier=radius-proxy-1, OSC-Authorize-Group=123>
> 

Ok.

>> 
>>> I haven't found an example how to match on the value of an attribute
>>> which occurs multiple times in the authentication request, is it possible?
>>> 
>> Unfortunately not currently. I created a feature request for this.
> Thanks! Any idea how long that might take to implement?

I’ll send you a patch to test.


BR
-- 
Tuure Vartiainen <varti...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to