Hi Ric,
On May 7, 4:04pm, Ric Messier wrote:
> Subject: (RADIATOR) Dual part question
> Okay,
> First part: is it possible to auth from a UNIX passwd/shadow file but have
> a user database so we can hand out IP addresses to specific users (and
> hopefully choke off anyone who is in the passwd file but we haven't
> explicitly allowed access to)? This is what I have in the radius.cfg:
Yes, no problem. You will want something like this:
<Realm DEFAULT>
<AuthBy FILE>
Filename filename
</AuthBy>
</Realm>
<AuthBy UNIX>
Identifier System
</AuthBy>
And in your user database, an entry for each user that you wish to permit,
along with any user-specific reply items
user1 Auth-Type=System
	Framed-IP-Address=1.2.3.4
user2 Auth-Type=System
	Framed-IP-Address=1.2.3.5
etc
>
>
> AuthPort 1812
> AcctPort 1813
>
> LogDir /var/log/radius
> DbDir /usr/local/etc/raddb
>
>
> # 4.30.99 -seg-
> Trace 4
> BindAddress 207.121.72.227
> #NasType Cisco
> #SNMPCommunity public
> # end -seg-
>
> <SessionDatabase DBM>
> Identifier SEGRADIUS1
> FileName %D/online
> </SessionDatabase>
>
> <Log SYSLOG>
> Facility local7
> Trace 3
> </Log>
>
> <Realm DEFAULT>
> RewriteUsername s/^([^@]+).*/$1/
>
> RewriteUsername tr/A-Z/a-z/
> MaxSessions 1
> AcctLogFileName %L/details
> WtmpFileName %L/wtmp
> PasswordLogFileName %L/password.log
>
> # <AuthBy UNIX>
> # Identifier System
> # Filename /etc/shadow
> # GroupFilename /etc/group
> # DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> # </AuthBy>
>
> # AuthBy FILE added 5.7.1999 by ram for testing
>
> <AuthBy FILE>
> Filename /usr/local/etc/users
> </AuthBy>
>
> </Realm>
>
> <Client DEFAULT>
> Secret ******
> </Client>
>
> <Client x.x.x.x>
> Secret *******
> NasType RedCreek:NAS
> </Client>
>
>
> Users file looks like:
>
>
> DEFAULT Service-Type = Login-User, Auth-Type = System
>         Idle-Timeout = 2000
>
> user1 Service-Type = Framed-User, Auth-Type = System
>         Red-Creek-Tunneled-IP-Addr = x.x.x.x
>         Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
>         Red-Creek-Tunneled-Netmask = 255.255.255.224
>         Idle-Timeout = 2000
>         NasType = RedCreek:NAS
>         Framed-Protocol = PPP
>
> kilroy Service-Type = Framed-User, Auth-Type = System
>         Red-Creek-Tunneled-IP-Addr = x.x.x.x
>         Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
>         Red-Creek-Tunneled-Netmask = 255.255.255.224
>         Idle-Timeout = 2000
>         NasType = RedCreek:NAS
>         Framed-Protocol = PPP
>
>
> Secondly, we have a vendor that needs some entries in the dictionary file.
> They have specified the following:
>
> RedCreek.attr RedCreek.value 1958 RedCreek
> RedCreek.attr RedCreek-Tunneled-IP-Addr 5 ipaddr (*,0)
> .
> .
> .
>
>
> That didn't work so I changed it to look like the following:
>
> VENDORATTR RedCreek-Tunneled-IP-Addr 5 ipaddr (*,0)
> VENDORATTR RedCreek-Tunneled-IP-Network 6 ipaddr (*,0)
> VENDORATTR RedCreek-Tunneled-Gateway 7 ipaddr (1,0)
> VENDORATTR RedCreek-Tunneled-DNS-Server 8 string (1,0)
> VENDORATTR RedCreek-Tunneled-WINS-Server1 9 string (1,0)
> VENDORATTR RedCreek-Tunneled-WINS-Server2 10 string (1,0)
> VENDORATTR RedCreek-Tunneled-HostName 11 string (1,0)
> VENDORATTR RedCreek-Tunneled-DomainName 12 string (1,0)
> VENDORATTR RedCreek-Tunneled-Search-List 13 string (1,0)
>
> Still getting errors
> Fri May 7 15:39:01 1999: ERR: Bad format in dictionary
> '/usr/local/etc/raddb/dictionary' at line 1275
> Fri May 7 15:39:01 1999: ERR: Bad format in dictionary
> '/usr/local/etc/raddb/dictionary' at line 1276
>
> Any help, as always, is appreciated.
You want something like this
VENDORATTR 1958 RedCreek-Tunneled-IP-Addr 5 ipaddr
VENDORATTR 1958 RedCreek-Tunneled-IP-Network 6 ipaddr
etc
Hope that helps.
Cheers
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
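
Added example (not part of the original message and not Radiator code): a small Python audit of a users file in the layout quoted in this thread, checking that only explicitly listed users are handed to Auth-Type=System and that no Framed-IP-Address is assigned twice. The sample file is constructed, the function names are hypothetical, and the check assumes a DEFAULT entry matches any user who has no entry of their own.

```python
# Constructed sample in the users-file layout quoted in the thread: an entry
# starts in column 0 (name, then check items); indented lines are reply items.
SAMPLE_USERS = """\
DEFAULT Service-Type = Login-User, Auth-Type = System
\tIdle-Timeout = 2000

user1 Auth-Type=System
\tFramed-IP-Address=1.2.3.4
user2 Auth-Type=System
\tFramed-IP-Address=1.2.3.4
"""

def parse_items(text):
    """Split 'A = b, C=d' into a dict of attribute -> value."""
    items, last = {}, None
    for part in text.split(","):
        if "=" in part:
            last, value = (s.strip() for s in part.split("=", 1))
            items[last] = value.strip('"')
        elif part.strip() and last:        # extra value, e.g. a second DNS server
            items[last] += ", " + part.strip()
    return items

def parse_users(text):
    """Return [(name, check_items, reply_items), ...] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":               # continuation line: reply items
            if entries:
                entries[-1][2].update(parse_items(line))
        else:                              # new entry: name + check items
            fields = line.split(None, 1) + [""]
            entries.append((fields[0], parse_items(fields[1]), {}))
    return entries

def audit(text):
    """List entries that admit more than the explicitly named users."""
    findings, owner = [], {}
    for name, check, reply in parse_users(text):
        # Assumption: DEFAULT matches any user without an entry of their own.
        if name == "DEFAULT" and check.get("Auth-Type") == "System":
            findings.append("DEFAULT: every unlisted passwd user is sent to Auth-Type=System")
        ip = reply.get("Framed-IP-Address")
        if ip and owner.setdefault(ip, name) != name:
            findings.append(f"{name}: Framed-IP-Address {ip} already given to {owner[ip]}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS):
        print(finding)
```
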