Hi, > On 13 Jul 2017, at 15.56, Hartmaier Alexander > <[email protected]> wrote: > > On 2017-07-13 14:19, Tuure Vartiainen wrote: >> >> >> So OSC-Authorize-Group attributes define group ids which are allowed to login >> to that device? > It's added metadata for the request which includes all groups the device > is member of. >> >>> A Handler for example matches on OSC-Authorize-Group=123, which works as >>> long as the device is only member of this single group but not if in >>> multiple like in the above example. >>> >> How is mapping to user groups done within a handler? >> >> One option could be DynamicCheck which can be used for implementing a group >> check? >> >> http://www.open.com.au/radiator/ref/DynamicCheck.html#DynamicCheck > One handler per group, the AuthBy SQL only includes users authorized for > that group of devices. > The goal is to allow everybody in our team to modify the group > membership through our NMS without any knowledge of Radiator or config > change there. > > <Handler Client-Identifier=radius-proxy-1, OSC-Authorize-Group=123> >
Ok. >> >>> I haven't found an example how to match on the value of an attribute >>> which occurs multiple times in the authentication request, is it possible? >>> >> Unfortunately not currently. I created a feature request for this. > Thanks! Any idea how long that might take to implement? I’ll send you a patch to test. BR -- Tuure Vartiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://lists.open.com.au/mailman/listinfo/radiator
