Hello John -
I've also copied this to Jay Pharis who had expressed a similar interest some
months ago.
On Sat, 08 Apr 2000, John Coy wrote:
> In my operation, we sell e-mail only accounts which get
> written to /etc/password/shadow. However, we also use
> /etc/password/shadow to authenticate using Radius. When an
> e-mail only user is created, his shell is set to
> /usr/bin/mailshell, and I have a script that extracts
> those usernames and places them in a "group" file.
> Radiator uses that group file to reject users:
>
> in my users file:
> DEFAULT Auth-Type = UNIX, Group = mail, Auth-Type = "Reject: Dial-up
> access not
> authorized for this account"
>
> in my radiusd.cfg file:
> <AuthBy UNIX>
> Identifier UNIX
> Filename /usr/local/etc/shadow
> GroupFilename /usr/local/etc/group
> </Authby>
>
> The dilemma I'm having is that the "group" file is a single large
> comma-delimited string, and it's 'ugly'. Is there a better way
> to reject a group of users based on the value of their shell
> variable, or is there a way I can write a different type of
> file (or even an SQL query) with a list of usernames to reject.
>
Well, if you don't want to even generate the group file, you could always write
a PostAuthHook to check the "shell" directly. Te help in doing this, here are a
couple of useful things to start with:
1. look in Radius/AuthSYSTEM.pm to see how to retrieve the "shell" field from
the user record
2. get the example hooks code from the patches area
http://www.open.com.au/radiator/downloads/patches-2.15/hooks.txt
3. build a PostAuthHook to check the shell
hth
Hugh
ps - if you would like me to do it, just send in a purchase order for some
consulting time (an hour or two should do it...)
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.