Okay,
First part: is it possible to auth from a UNIX passwd/shadow file but have
a user database so we can hand out IP addresses to specific users (and
hopefully choke off anyone who is in the passwd file but we haven't
explicitly allowed access to)? This is what I have in the radius.cfg:

AuthPort 1812
AcctPort 1813
LogDir /var/log/radius
DbDir /usr/local/etc/raddb
# 4.30.99 -seg-
Trace 4
BindAddress 207.121.72.227
#NasType Cisco
#SNMPCommunity public
# end -seg-

<SessionDatabase DBM>
    Identifier SEGRADIUS1
    FileName %D/online
</SessionDatabase>

<Log SYSLOG>
    Facility local7
    Trace 3
</Log>

<Realm DEFAULT>
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/
    MaxSessions 1
    AcctLogFileName %L/details
    WtmpFileName %L/wtmp
    PasswordLogFileName %L/password.log
    # <AuthBy UNIX>
    # Identifier System
    # Filename /etc/shadow
    # GroupFilename /etc/group
    # DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
    # </AuthBy>
    # AuthBy FILE added 5.7.1999 by ram for testing
    <AuthBy FILE>
        Filename /usr/local/etc/users
    </AuthBy>
</Realm>

<Client DEFAULT>
    Secret ******
</Client>

<Client x.x.x.x>
    Secret *******
    NasType RedCreek:NAS
</Client>

Users file looks like:

DEFAULT Service-Type = Login-User, Auth-Type = System
    Idle-Timeout = 2000

user1 Service-Type = Framed-User, Auth-Type = System
    Red-Creek-Tunneled-IP-Addr = x.x.x.x
    Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
    Red-Creek-Tunneled-Netmask = 255.255.255.224
    Idle-Timeout = 2000
    NasType = RedCreek:NAS
    Framed-Protocol = PPP

kilroy Service-Type = Framed-User, Auth-Type = System
    Red-Creek-Tunneled-IP-Addr = x.x.x.x
    Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
    Red-Creek-Tunneled-Netmask = 255.255.255.224
    Idle-Timeout = 2000
    NasType = RedCreek:NAS
    Framed-Protocol = PPP

Secondly, we have a vendor that needs some entries in the dictionary file.
They have specified the following:

RedCreek.attr RedCreek.value 1958 RedCreek
RedCreek.attr RedCreek-Tunneled-IP-Addr 5 ipaddr (*,0)
.
.
.

That didn't work so I changed it to look like the following:

VENDORATTR RedCreek-Tunneled-IP-Addr 5 ipaddr (*,0)
VENDORATTR RedCreek-Tunneled-IP-Network 6 ipaddr (*,0)
VENDORATTR RedCreek-Tunneled-Gateway 7 ipaddr (1,0)
VENDORATTR RedCreek-Tunneled-DNS-Server 8 string (1,0)
VENDORATTR RedCreek-Tunneled-WINS-Server1 9 string (1,0)
VENDORATTR RedCreek-Tunneled-WINS-Server2 10 string (1,0)
VENDORATTR RedCreek-Tunneled-HostName 11 string (1,0)
VENDORATTR RedCreek-Tunneled-DomainName 12 string (1,0)
VENDORATTR RedCreek-Tunneled-Search-List 13 string (1,0)

Still getting errors:

Fri May 7 15:39:01 1999: ERR: Bad format in dictionary
'/usr/local/etc/raddb/dictionary' at line 1275
Fri May 7 15:39:01 1999: ERR: Bad format in dictionary
'/usr/local/etc/raddb/dictionary' at line 1276

Any help, as always, is appreciated.
Ric
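
A consistency check for the two files quoted in this message, as an added example that is not part of the original post: it lists attribute names used in the users file that no dictionary line defines, and reports a defined name that differs only in hyphenation or case. The ASSUMED_DEFINED set and the abridged sample text are assumptions made for illustration.

```python
import re

# Sample input abridged from the users file and dictionary lines quoted in the message.
USERS = """\
user1 Service-Type = Framed-User, Auth-Type = System
    Red-Creek-Tunneled-IP-Addr = x.x.x.x
    Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
    Red-Creek-Tunneled-Netmask = 255.255.255.224
    Idle-Timeout = 2000
    Framed-Protocol = PPP
"""
DICTIONARY = """\
VENDORATTR RedCreek-Tunneled-IP-Addr 5 ipaddr (*,0)
VENDORATTR RedCreek-Tunneled-DNS-Server 8 string (1,0)
"""
# Assumption: these names are defined elsewhere (stock dictionary or server built-ins).
ASSUMED_DEFINED = {"Service-Type", "Auth-Type", "Idle-Timeout", "Framed-Protocol"}


def used_names(users_text):
    """Attribute names that appear on the left of '=' in check and reply items."""
    return set(re.findall(r"([A-Za-z][\w-]*)\s*=", users_text))


def defined_names(dict_text):
    """First non-numeric token after ATTRIBUTE/VENDORATTR on each dictionary line."""
    names = set()
    for line in dict_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens and tokens[0] in ("ATTRIBUTE", "VENDORATTR"):
            name = next((t for t in tokens[1:] if not t.isdigit()), None)
            if name:
                names.add(name)
    return names


def fold(name):
    """Normalise a name so hyphen, underscore and case differences compare equal."""
    return name.replace("-", "").replace("_", "").lower()


def undefined_attributes(users_text, dict_text, assumed=ASSUMED_DEFINED):
    """Map each undefined name to a defined near-miss, or None if there is none."""
    defined = defined_names(dict_text) | set(assumed)
    by_fold = {fold(n): n for n in defined}
    return {n: by_fold.get(fold(n)) for n in sorted(used_names(users_text) - defined)}


if __name__ == "__main__":
    for name, near in undefined_attributes(USERS, DICTIONARY).items():
        print(name, "->", f"near miss: {near}" if near else "no dictionary entry")
```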