Okay,
        First part: is it possible to auth from a UNIX passwd/shadow file but have
a user database so we can hand out IP addresses to specific users (and
hopefully choke off anyone who is in the passwd file but we haven't
explicitly allowed access to)? This is what I have in the radius.cfg:


AuthPort 1812
AcctPort 1813

LogDir /var/log/radius
DbDir /usr/local/etc/raddb


# 4.30.99 -seg-
Trace 4
BindAddress 207.121.72.227
#NasType Cisco
#SNMPCommunity public
# end -seg-

<SessionDatabase DBM>
        Identifier SEGRADIUS1
        FileName %D/online
</SessionDatabase>

<Log SYSLOG>
        Facility local7
        Trace 3
</Log>

<Realm DEFAULT>
        RewriteUsername s/^([^@]+).*/$1/

        RewriteUsername tr/A-Z/a-z/
        MaxSessions 1
        AcctLogFileName %L/details
        WtmpFileName %L/wtmp
        PasswordLogFileName %L/password.log

#       <AuthBy UNIX>
#               Identifier System
#               Filename /etc/shadow
#               GroupFilename /etc/group
#               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
#       </AuthBy>

# AuthBy FILE added 5.7.1999 by ram for testing

        <AuthBy FILE>
                Filename /usr/local/etc/users
        </AuthBy>

</Realm>

<Client DEFAULT>
        Secret ******
</Client>

<Client x.x.x.x>
        Secret *******
        NasType RedCreek:NAS
</Client>


Users file looks like:


DEFAULT Service-Type = Login-User, Auth-Type = System
        Idle-Timeout = 2000

user1   Service-Type = Framed-User, Auth-Type = System
        Red-Creek-Tunneled-IP-Addr = x.x.x.x
        Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
        Red-Creek-Tunneled-Netmask = 255.255.255.224
        Idle-Timeout = 2000
        NasType = RedCreek:NAS
        Framed-Protocol = PPP

kilroy  Service-Type = Framed-User, Auth-Type = System
        Red-Creek-Tunneled-IP-Addr = x.x.x.x
        Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
        Red-Creek-Tunneled-Netmask = 255.255.255.224
        Idle-Timeout = 2000
        NasType = RedCreek:NAS
        Framed-Protocol = PPP


        Secondly, we have a vendor that needs some entries in the dictionary file.
They have specified the following:

RedCreek.attr   RedCreek.value                  1958            RedCreek
RedCreek.attr   RedCreek-Tunneled-IP-Addr       5       ipaddr  (*,0)
.
.
.


        That didn't work so I changed it to look like the following:

VENDORATTR      RedCreek-Tunneled-IP-Addr       5       ipaddr  (*,0)
VENDORATTR      RedCreek-Tunneled-IP-Network    6       ipaddr  (*,0)
VENDORATTR      RedCreek-Tunneled-Gateway       7       ipaddr  (1,0)
VENDORATTR      RedCreek-Tunneled-DNS-Server    8       string  (1,0)
VENDORATTR      RedCreek-Tunneled-WINS-Server1  9       string  (1,0)
VENDORATTR      RedCreek-Tunneled-WINS-Server2  10      string  (1,0)
VENDORATTR      RedCreek-Tunneled-HostName      11      string  (1,0)
VENDORATTR      RedCreek-Tunneled-DomainName    12      string  (1,0)
VENDORATTR      RedCreek-Tunneled-Search-List   13      string  (1,0)

        Still getting errors:

Fri May  7 15:39:01 1999: ERR: Bad format in dictionary '/usr/local/etc/raddb/dictionary' at line 1275
Fri May  7 15:39:01 1999: ERR: Bad format in dictionary '/usr/local/etc/raddb/dictionary' at line 1276

        Any help, as always, is appreciated.

Ric

