Hello John -

I've also copied this to Jay Pharis who had expressed a similar interest some
months ago.

On Sat, 08 Apr 2000, John Coy wrote:
> In my operation, we sell e-mail only accounts which get
> written to /etc/password/shadow.  However, we also use
> /etc/password/shadow to authenticate using Radius.  When an
> e-mail only user is created, his shell is set to
> /usr/bin/mailshell, and I have a script that extracts
> those usernames and places them in a "group" file.
> Radiator uses that group file to reject users:
> 
> in my users file:
> DEFAULT Auth-Type = UNIX, Group = mail, Auth-Type = "Reject:  Dial-up access not authorized for this account"
> 
> in my radiusd.cfg file:
> <AuthBy UNIX>
>          Identifier      UNIX
>          Filename        /usr/local/etc/shadow
>          GroupFilename   /usr/local/etc/group
> </Authby>
> 
> The dilemma I'm having is that the "group" file is a single large
> comma-delimited string, and it's 'ugly'.  Is there a better way
> to reject a group of users based on the value of their shell
> variable, or is there a way I can write a different type of
> file (or even an SQL query) with a list of usernames to reject.
> 

Well, if you don't want to even generate the group file, you could always write
a PostAuthHook to check the "shell" directly. To help in doing this, here are a
couple of useful things to start with:

1. look in Radius/AuthSYSTEM.pm to see how to retrieve the "shell" field from
the user record

2. get the example hooks code from the patches area

        http://www.open.com.au/radiator/downloads/patches-2.15/hooks.txt

3. build a PostAuthHook to check the shell

hth

Hugh

ps - if you would like me to do it, just send in a purchase order for some
consulting time (an hour or two should do it...)

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
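
The shell check described in step 3 above, as an added example that is not from the original message or from Radiator: it reads passwd(5)-format records, where the shell is the seventh field, and rejects accounts whose shell is /usr/bin/mailshell. The sample records and the names `load_shells` and `dialup_allowed` are constructed for illustration, and rejecting unknown users is a choice made here; wiring the decision into a PostAuthHook follows hooks.txt and is not shown.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Shells that mark an account as e-mail only (value taken from the post).
my %MAIL_ONLY_SHELL = map { $_ => 1 } ('/usr/bin/mailshell');

# Constructed sample in passwd(5) format: name:passwd:uid:gid:gecos:home:shell
my $SAMPLE_PASSWD = <<'EOT';
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/usr/bin/mailshell
carol:x:1003:100:Carol:/home/carol:
# comment line
broken-line-without-fields
+@netgroup::::::
EOT

# Build a username => shell map from passwd-format text.
sub load_shells {
    my ($text) = @_;
    my %shell_of;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(#|$)/;    # skip comments and blank lines
        next if $line =~ /^[+-]/;        # skip NIS compat entries
        my @f = split /:/, $line, -1;    # -1 keeps a trailing empty shell field
        next unless @f == 7;             # ignore malformed records
        $shell_of{ $f[0] } = $f[6];
    }
    return \%shell_of;
}

# Decide whether a user may authenticate for dial-up.
# Returns (1, '') to allow, (0, reason) to reject.
# Users missing from the file are rejected (fail closed; a choice made here).
sub dialup_allowed {
    my ($shell_of, $user) = @_;
    return (0, 'Unknown user') unless exists $shell_of->{$user};
    return (0, 'Dial-up access not authorized for this account')
        if $MAIL_ONLY_SHELL{ $shell_of->{$user} };
    return (1, '');
}

my $shells = load_shells($SAMPLE_PASSWD);
for my $user (qw(alice bob carol mallory)) {
    my ($ok, $why) = dialup_allowed($shells, $user);
    printf "%-8s %s\n", $user, $ok ? 'accept' : "reject ($why)";
}
```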


