Hi Gildas -
On Fri, 11 Feb 2000, Gildas PERROT wrote:
> Hi Hugh,
>
> > > - is it possible to define default check and reply items like :
> > >
> > > Auth-Type = System
> > > User-Service-Type = Framed-User,
> > > Framed-Protocol = PPP,
> > > Framed-Netmask = 255.255.255.0,
> > > Framed-Routing = None,
> > > Framed-MTU = 1500,
> > > Ascend-Idle-Limit = 600
> > >
> > > for each user instead of defining them in users file ?
> >
> > Sure - you can use AddToReply or AddToReplyIfNotExist in your AuthBy, or you
> > can use cascaded AuthBy's. Tell me a bit more about what you want to do and
> > I'll give you an example configuration file.
> >
> > > In this case, do other entries in users file take precedence on default one ?
> >
> > If you specify AddToReplyIfNotExist, the users file will take precedence.
>
> What I would like is to define the minimum things in users database and define
> default check and reply items which can be overwritten by users entries.
> I would like to define the default check items :
>
> Auth-Type = System
> User-Service-Type = Framed-User
>
> and the default reply items :
>
> Framed-Protocol = PPP,
> Framed-Address = 193.149.106.4,
> Framed-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Ascend-Idle-Limit = 600
>
> I suppose that the only entry for certain users will be its login then ?
>
> > Using the definition in the standard Radiator dictionary is this:
> >
> > p50fr Password = "fdsfdsfsdf"
> > Service-Type = Framed-User,
> > Framed-Protocol = PPP,
> > Framed-Address = 193.149.103.161,
> > Framed-Netmask = 255.255.255.240,
> > Ascend-Idle-Limit = 300
> >
> > You can either edit your users file to use the standard Radiator dictionary, or
> > add User-Service-Type to the Radiator dictionary (it's just a text file). Also
> > notice that there is an error with a trailing comma "," after the
> > Password = "fdsfdsfsdf".
>
> Effectively, a comma after Password = "jjk" is an error but I don't understand
> since Service-Type is check item and in the Figure 6 (Typical user entry in a
> flat user database of 15.2), it is said : no comma at end of check item => I
> would put a comma after Password not after Service Type.
>
I see - I didn't realise you were using Service-Type as a check item - it is OK
to do this of course but I usually see it used as a reply item.
Here is what you want to do:

    # define an AuthBy FILE with a file containing only usernames and passwords
    <AuthBy FILE>
        Identifier CheckUserPassword
        Filename %D/user.password
    </AuthBy>

    # define an AuthBy FILE with a file containing only defaults
    <AuthBy FILE>
        Identifier CheckUserDefault
        Filename %D/user.default
        AddToReplyIfNotExist Service-Type = Framed-User, \
            Framed-Protocol = PPP, \
            Framed-IP-Address = 193.149.106.4, \
            Framed-IP-Netmask = 255.255.255.255, \
            Framed-Routing = None, \
            Framed-MTU = 1500, \
            Ascend-Idle-Limit = 600
    </AuthBy>

    # now define your normal Realms or Handlers
    <Realm ....>
        AuthBy CheckUserDefault
    </Realm>
    ....

Then the files %D/user.default and %D/user.password would contain the following:

    # file %D/user.default
    DEFAULT Service-Type = Framed-User, Auth-Type = CheckUserPassword

    # file %D/user.password
    p50fr Password = "fdsfdsfsdf"
    ....

How this works is as follows - the selected Realm will call the AuthBy with
"Identifier CheckUserDefault", which will check the Service-Type, then call the
AuthBy with "Identifier CheckUserPassword". After checking the username and
password (and adding any user-specific reply attributes), CheckUserPassword
returns to CheckUserDefault, which adds the default reply attributes only if
they haven't already been added.

You should note that AddToReplyIfNotExist is in a patch to Radiator 2.14.1:
http://www.open.com.au/radiator/downloads/patches-2.14.1/
6/9/99 Rolled the AddToReplyIfNotExist.patch into the base code. This code
was contributed by Vincent Gillet <[EMAIL PROTECTED]>, and implements
the AddToReplyIfNotExist parameter, which will append an attribute
to a reply if and only if the attribute is not already present.
Also added new check item Request-Type. This is mostly useful
in Handlers, to allow you to trigger on different types of
requests.
Download AuthGeneric.pm and AttrVal.pm from here.
Understood? If not, ask questions...
Bye
Hugues
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
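
The precedence described in the message above, as an added example that is not part of the original message and is not Radiator code: a simplified Python model of CheckUserDefault cascading to CheckUserPassword and then appending defaults only where the user entry set nothing. The function names, the "example-user" entry and the rejection of a request that lacks Service-Type = Framed-User are assumptions made for the model.

```python
import hmac

# Simplified model of the cascade in this message; not Radiator source code.
# user.password entries: username -> (password, user-specific reply items).
# "p50fr" is the entry from the message; "example-user" is constructed.
USER_PASSWORD = {
    "p50fr": ("fdsfdsfsdf", []),
    "example-user": ("constructed-pw", [("Framed-IP-Address", "193.149.103.161"),
                                        ("Ascend-Idle-Limit", "300")]),
}

# AddToReplyIfNotExist list from the CheckUserDefault clause.
DEFAULT_REPLY = [
    ("Service-Type", "Framed-User"),
    ("Framed-Protocol", "PPP"),
    ("Framed-IP-Address", "193.149.106.4"),
    ("Framed-IP-Netmask", "255.255.255.255"),
    ("Framed-Routing", "None"),
    ("Framed-MTU", "1500"),
    ("Ascend-Idle-Limit", "600"),
]


def check_user_password(request):
    """Model of CheckUserPassword: reply items on success, None on reject."""
    entry = USER_PASSWORD.get(request.get("User-Name"))
    if entry is None:
        return None
    supplied = request.get("Password", "").encode()
    if not hmac.compare_digest(entry[0].encode(), supplied):
        return None
    return list(entry[1])


def check_user_default(request):
    """Model of CheckUserDefault: DEFAULT check items, cascade, then defaults."""
    # Assumption: a request without Service-Type = Framed-User is rejected.
    if request.get("Service-Type") != "Framed-User":
        return None
    reply = check_user_password(request)  # Auth-Type = CheckUserPassword
    if reply is None:
        return None  # a reject carries none of the default attributes
    present = {name for name, _ in reply}
    # Append each default only if the user entry did not already set it.
    reply += [(n, v) for n, v in DEFAULT_REPLY if n not in present]
    return reply
```

A user with only a password receives the full default list, while "example-user" keeps its own address and idle limit and picks up the remaining five defaults.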