Kind of advanced application I think.

I'm under the impression that I can use Client-Id to force a Check Item:

luser            Auth-Type = System, Client-Id = /someplace\.com$/

This should force the RADIUS request for authentication to come from 
a NAS IP address in the someplace.com domain, right?

Now, if the luser uses [EMAIL PROTECTED] but I want to 
authenticate them with a request from someplace.com I must be doing 
something incorrectly.  Because what happens is they get rewritten by 
my realm config:

<Realm THISDOMAIN.COM>
         # Strip leading white space
         RewriteUsername s/^\s+//
         # Strip trailing white space
         RewriteUsername s/\s+$//
         # turn into lowercase and chop domain
         RewriteUsername tr/A-Z/a-z/
         RewriteUsername s/^([^@]+).*/$1/
         <AuthBy DBFILE>
                 Filename %D/users
         </AuthBy>

         # Log accounting to the detail file in LogDir
         AcctLogFileName %L/detail
</Realm>

THISDOMAIN.COM is getting stripped. I do this because I want to allow 
them to use [EMAIL PROTECTED] or just luser to minimize tech 
support.  But I want to restrict user logins with two different user 
entry styles:

luser1            Auth-Type = System, Client-Id = /someplace\.com$/

luser2            Auth-Type = System, Client-Id = /THISDOMAIN\.COM$/

In other words, luser1 can only log into ports that have requests 
coming from someplace.com, and luser2 only gets in to us if he uses 
[EMAIL PROTECTED] or luser2.

Can anyone understand me on this and provide a hint or two?  I have a 
problem because [EMAIL PROTECTED] is able to log in to 
THISDOMAIN.COM ports even though I am using someplace.com as a Check 
Item.  In other words, a THISDOMAIN.COM NAS request is allowing him 
to still log in even though I am using a Client-Id = 
/someplace\.com$/ Check Item.

Thanks.
Chris

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
