Hi Ric,

On May 7,  4:04pm, Ric Messier wrote:
> Subject: (RADIATOR) Dual part question
> Okay,
>       First part: is it possible to auth from a UNIX passwd/shadow file but have
> a user database so we can hand out IP addresses to specific users (and
> hopefully choke off anyone who is in the passwd file but we haven't
> explicitly allowed access to)? This is what I have in the radius.cfg:

Yes, no problem. You will want something like this:

<Realm DEFAULT>
        <AuthBy FILE>
                Filename filename
        </AuthBy>
</Realm>

<AuthBy UNIX>
        Identifier System
</AuthBy>

And in your user database, an entry for each user that you wish to permit,
along with any user-specific reply items

user1   Auth-Type=System
        Framed-IP-Address=1.2.3.4

user2   Auth-Type=System
        Framed-IP-Address=1.2.3.5

etc



>
>
>   AuthPort 1812
> AcctPort 1813
>
> LogDir /var/log/radius
> DbDir /usr/local/etc/raddb
>
>
> # 4.30.99 -seg-
> Trace 4
> BindAddress 207.121.72.227
> #NasType Cisco
> #SNMPCommunity public
> # end -seg-
>
> <SessionDatabase DBM>
>         Identifier SEGRADIUS1
>         FileName %D/online
> </SessionDatabase>
>
> <Log SYSLOG>
>         Facility local7
>         Trace 3
> </Log>
>
> <Realm DEFAULT>
>         RewriteUsername s/^([^@]+).*/$1/
>
>         RewriteUsername tr/A-Z/a-z/
>         MaxSessions 1
>         AcctLogFileName %L/details
>         WtmpFileName %L/wtmp
>         PasswordLogFileName %L/password.log
>
> #       <AuthBy UNIX>
> #               Identifier System
> #               Filename /etc/shadow
> #               GroupFilename /etc/group
> #               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> #       </AuthBy>
>
> # AuthBy FILE added 5.7.1999 by ram for testing
>
>         <AuthBy FILE>
>                 Filename /usr/local/etc/users
>         </AuthBy>
>
> </Realm>
>
> <Client DEFAULT>
>         Secret ******
> </Client>
>
> <Client x.x.x.x>
>         Secret *******
>         NasType RedCreek:NAS
> </Client>
>
>
> Users file looks like:
>
>
> DEFAULT Service-Type = Login-User, Auth-Type = System
>         Idle-Timeout = 2000
>
> user1   Service-Type = Framed-User, Auth-Type = System
>         Red-Creek-Tunneled-IP-Addr = x.x.x.x
>         Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
>         Red-Creek-Tunneled-Netmask = 255.255.255.224
>         Idle-Timeout = 2000
>         NasType = RedCreek:NAS
>         Framed-Protocol = PPP
>
> kilroy  Service-Type = Framed-User, Auth-Type = System
>         Red-Creek-Tunneled-IP-Addr = x.x.x.x
>         Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
>         Red-Creek-Tunneled-Netmask = 255.255.255.224
>         Idle-Timeout = 2000
>         NasType = RedCreek:NAS
>         Framed-Protocol = PPP
>
>
>       Secondly, we have a vendor that needs some entries in the dictionary file.
> They have specified the following:
>
> RedCreek.attr RedCreek.value                  1958            RedCreek
> RedCreek.attr RedCreek-Tunneled-IP-Addr       5       ipaddr  (*,0)
> .
> .
> .
>
>
>       That didn't work so I changed it to look like the following:
>
> VENDORATTR      RedCreek-Tunneled-IP-Addr       5       ipaddr  (*,0)
> VENDORATTR      RedCreek-Tunneled-IP-Network    6       ipaddr  (*,0)
> VENDORATTR      RedCreek-Tunneled-Gateway       7       ipaddr  (1,0)
> VENDORATTR      RedCreek-Tunneled-DNS-Server    8       string  (1,0)
> VENDORATTR      RedCreek-Tunneled-WINS-Server1  9       string  (1,0)
> VENDORATTR      RedCreek-Tunneled-WINS-Server2  10      string  (1,0)
> VENDORATTR      RedCreek-Tunneled-HostName      11      string  (1,0)
> VENDORATTR      RedCreek-Tunneled-DomainName    12      string  (1,0)
> VENDORATTR      RedCreek-Tunneled-Search-List   13      string  (1,0)
>
>       Still getting errors
> Fri May  7 15:39:01 1999: ERR: Bad format in dictionary '/usr/local/etc/raddb/dictionary' at line 1275
> Fri May  7 15:39:01 1999: ERR: Bad format in dictionary '/usr/local/etc/raddb/dictionary' at line 1276
>
>       Any help, as always, is appreciated.

You want something like this
VENDORATTR      1958    RedCreek-Tunneled-IP-Addr       5       ipaddr
VENDORATTR      1958    RedCreek-Tunneled-IP-Network    6       ipaddr

etc

Hope that helps.
Cheers


-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
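
An added example, not part of the original message and not Radiator code: a small audit of a users file used as an allow list in front of `<AuthBy UNIX>`, as described in the thread. It assumes that AuthBy FILE falls back to a DEFAULT entry when no named entry matches, so a DEFAULT with Auth-Type=System lets any passwd user through; the sample file, `user3` and the duplicate address are constructed.

```python
import re

# Constructed sample in this thread's users-file layout (check items, then indented reply items).
SAMPLE_USERS = """\
DEFAULT Service-Type = Login-User, Auth-Type = System
        Idle-Timeout = 2000

user1   Auth-Type=System
        Framed-IP-Address=1.2.3.4

user2   Auth-Type=System
        Framed-IP-Address=1.2.3.5

user3   Auth-Type=System
        Framed-IP-Address=1.2.3.4
"""

# attr = value pairs; a value may itself contain commas (e.g. a DNS server list)
ITEM = re.compile(r"([A-Za-z][\w-]*)\s*=\s*(.*?)\s*(?=,\s*[A-Za-z][\w-]*\s*=|,?\s*$)")

def parse_users(text):
    """Return {name: {"check": {...}, "reply": {...}}} for each entry."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                      # indented: reply items
            if current is not None:
                current["reply"].update(ITEM.findall(line))
        else:                                     # new entry: name + check items
            name, *rest = line.split(None, 1)
            current = entries[name] = {"check": dict(ITEM.findall(rest[0] if rest else "")), "reply": {}}
    return entries

def audit(text, system_id="System"):
    """Return (allow list, findings) for a users file fronting <AuthBy UNIX>."""
    allowed, findings, seen_ip = [], [], {}
    for name, entry in parse_users(text).items():
        if entry["check"].get("Auth-Type") != system_id:
            continue                              # not delegated to the passwd file
        if re.fullmatch(r"DEFAULT\d*", name):     # catch-all defeats the allow list
            findings.append(f"{name}: catch-all delegates every unlisted user to {system_id}")
            continue
        ip = entry["reply"].get("Framed-IP-Address")
        allowed.append((name, ip))
        if ip and seen_ip.setdefault(ip, name) != name:
            findings.append(f"{name}: Framed-IP-Address {ip} already assigned to {seen_ip[ip]}")
    return allowed, findings
```

`audit(SAMPLE_USERS)` returns the three named users as the allow list plus two findings: the DEFAULT catch-all and the address shared by `user1` and `user3`.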