Hugh:

>Hello Erik -
>
>On Thu, 23 Dec 1999, Erik Meitner wrote:
>>
>>   It would be nice to have an option that allows one to add a check-item to
>> every authentication request, much like how AddToReply works, i.e.:
>>
>> <AuthBy FILE>
>>     Filename %D/users
>>     AddToCheck Group=user
>> </AuthBy>
>>
>
>You can already do this with cascaded AuthBy's, something like this:
>
># create an AuthBy FILE with Identifier Users
>
><AuthBy FILE>
>       Identifier Users
>       Filename %D/users
></AuthBy>
>
># your normal Handler
>
><Handler ....>
>       <AuthBy FILE>
>               Filename %D/groups
>       </AuthBy>
></Handler>
>
>
>Then in your file %D/groups you would have the following:
>
># check groups then refer to users file via the Identifier
>
>DEFAULT        Group = user, Auth-Type = Users
>
>
>And of course your existing users file would remain the same.
>
>The advantage of this approach is that it is generalised and AuthBy's can be
>nested to any depth (and any AuthBy method can be used).
>
>hth
>
>Hugh

Hmm. Something is not working.  A 'Group' check item seems to only work in
the file where 'Auth-Type=System' is used.

The log for the following configuration:
Wed Dec 29 14:50:03 1999: DEBUG: Reading users file /usr/local/etc/raddb/users
Wed Dec 29 14:50:03 1999: DEBUG: Reading users file /usr/local/etc/raddb/users-def
Wed Dec 29 14:50:03 1999: INFO: Server started
Wed Dec 29 14:50:10 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Deleting session for emeitner, 203.63.154.1, 1234
Wed Dec 29 14:50:10 1999: DEBUG: Handling with Radius::AuthFILE
Wed Dec 29 14:50:10 1999: DEBUG: Radius::AuthFILE looks for match with emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Wed Dec 29 14:50:10 1999: DEBUG: Handling with Radius::AuthFILE
Wed Dec 29 14:50:10 1999: DEBUG: Radius::AuthFILE looks for match with emeitner
Wed Dec 29 14:50:10 1999: WARNING: This AuthBy does not know how to check Group membership
Wed Dec 29 14:50:10 1999: DEBUG: Radius::AuthFILE REJECT: User emeitner is not in Group user
Wed Dec 29 14:50:10 1999: DEBUG: Radius::AuthFILE REJECT: User emeitner is not in Group user
Wed Dec 29 14:50:10 1999: INFO: Access rejected for emeitner: User emeitner is not in Group user
Wed Dec 29 14:50:10 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Adding session for emeitner, 203.63.154.1, 1234
Wed Dec 29 14:50:10 1999: DEBUG: Handling with Radius::AuthFILE
Wed Dec 29 14:50:10 1999: DEBUG: Accounting accepted
Wed Dec 29 14:50:10 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Rewrote user name to emeitner
Wed Dec 29 14:50:10 1999: DEBUG: Deleting session for emeitner, 203.63.154.1, 1234
Wed Dec 29 14:50:10 1999: DEBUG: Handling with Radius::AuthFILE
Wed Dec 29 14:50:10 1999: DEBUG: Accounting accepted

Here is how I have my AuthBy's set up (minus extra junk):

<AuthBy SYSTEM>
        Identifier System
</AuthBy>

#main users file
<AuthBy FILE>
        NoDefaultIfFound
        Identifier MainUser
        Filename %D/users
</AuthBy>

<Realm DEFAULT>
        AcctLogFileName %L/detail
        <AuthBy FILE>
               Filename %D/users-def
        </AuthBy>
</Realm>

users-def file:
DEFAULT         Auth-Type=MainUsers, Group = user

users file:
DEFAULT         Auth-Type = System
        User-Service = Framed-User,
        Ascend-Idle-Limit = 3600


emeitner         Auth-Type = System, Time = "Al0600-1800"
        User-Service = Framed-User,
        Ascend-Idle-Limit = 3600
--------
If users-def file is changed to:
DEFAULT         Auth-Type=System, Group = user

it will work.

Thanks.




===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
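
Added example, not part of the original post and not Radiator code: a Python script that rejoins mail-wrapped debug log lines and, for each request, pairs an "Access rejected" entry with the AuthBy modules tried and any WARNING logged before it. The log excerpt is constructed from the lines quoted in the message above, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of the log above, mail-wrapped lines included.
SAMPLE = """\
Wed Dec 29 14:50:10 1999: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Dec 29 14:50:10 1999: DEBUG: Handling with Radius::AuthFILE
Wed Dec 29 14:50:10 1999: DEBUG: Handling with Radius::AuthFILE
Wed Dec 29 14:50:10 1999: WARNING: This AuthBy does not know how to check
Group membership
Wed Dec 29 14:50:10 1999: DEBUG: Radius::AuthFILE REJECT: User emeitner is
not in Group user
Wed Dec 29 14:50:10 1999: INFO: Access rejected for emeitner: User emeitner
is not in Group user
Wed Dec 29 14:50:10 1999: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Dec 29 14:50:10 1999: DEBUG: Handling with Radius::AuthFILE
Wed Dec 29 14:50:10 1999: DEBUG: Accounting accepted
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: (\w+): (.*)$")

def unwrap(text):
    """Rejoin continuation lines; return a list of (level, message) tuples."""
    entries = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line.strip():  # no timestamp: continuation of previous entry
            entries[-1][1] += " " + line.strip()
    return [tuple(e) for e in entries]

def explain_rejects(text):
    """Per request, attach modules tried and warnings seen to each rejection."""
    results, cur = [], None
    for level, msg in unwrap(text):
        if msg.startswith("Handling request with Handler"):
            cur = {"modules": [], "warnings": []}  # a new request starts here
        elif cur is None:
            continue
        elif msg.startswith("Handling with "):
            cur["modules"].append(msg[len("Handling with "):])
        elif level == "WARNING":
            cur["warnings"].append(msg)
        elif level == "INFO" and msg.startswith("Access rejected for "):
            user, reason = msg[len("Access rejected for "):].split(": ", 1)
            results.append({"user": user, "reason": reason, **cur})
    return results
```
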
