Hello Khurram -
On Mon, 17 Apr 2000, Khurram Shahzad wrote:
>
> Hi Hugh,
>
> I am using Radiator 2.15 ( all patches applied) on Sun Ultra-1 with Solaris 2.6.
> My NAS is Cisco 7507 with IOS 12.03(T3).
> All the required files are pasted below.
>
> My Configuration File
> -------------------------- radius.conf ---------------------------
> # Shaheer Dialup Accounts
> Foreground
> LogStdout
> Trace 4
> AuthPort 1812
> AcctPort 1813
>
> LogDir /usr/local/etc/raddb
> DbDir /usr/local/etc/raddb
>
> LogFile %L/logfile.%Y%m%d
>
> <Client c1.shaheer.net.sa>
> Secret xxx
> </Client>
> <Client c2.shaheer.net.sa>
> PreHandlerHook sub { my $p = ${$_[0]}; \
> my $username = $p->get_attr('User-Name'); \
> my ($name,$passwd,$uid,$gid,$quota,$comments,$gcos,$dir,$shell) =
> getpwnam($username); \
> if ($gid == "10") { \
> $p->add_attr('Group-Name', 'staff'); } \
> }
> Secret yyy
> </Client>
> <Client c3.shaheer.net.sa>
> Secret zzz
> </Client>
> <Client c4.shaheer.net.sa>
> Secret xyz
> </Client>
>
> <Handler Group=staff>
> <AuthBy FILE>
> Filename %D/StaffUsers
> </AuthBy>
> </Handler>
> <Realm>
> #RewriteUsername s/^([^@]+).*/$1/
> #MaxSessions 1
> #<AuthBy GROUP>
> # AuthByPolicy ContinueUntilAccept
> <AuthBy FILE>
> # The filename defaults to %D/users
> </AuthBy>
> # <AuthBy FILE>
> # Filename %D/StaffUsers
> # </AuthBy>
> #</AuthBy>
> AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
> %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address}
> %{NAS-Port} \
> %{Framed-IP-Address} %{Framed-Protocol}
> AcctLogFileName %L/logfile.%Y%m%d
> </Realm>
> <AuthBy SYSTEM>
> Identifier System
> UseGetspnam
> </AuthBy>

Thank you for sending the configuration file and trace output - it makes it
much easier to help you. It might also be helpful if you could explain what
your requirements are and what the configuration file should be doing.

There are several things that will cause you problems in your configuration
file, so I think I will make some suggestions in an example below:

# configuration for shaheer.net.sa
# Shaheer Dialup Accounts
Foreground
LogStdout
Trace 4
AuthPort 1812
AcctPort 1813

LogDir /usr/local/etc/raddb
DbDir /usr/local/etc/raddb

LogFile %L/logfile.%Y%m%d

<Client c1.shaheer.net.sa>
    Secret xxx
</Client>
<Client c2.shaheer.net.sa>
    Secret yyy
</Client>
<Client c3.shaheer.net.sa>
    Secret zzz
</Client>
<Client c4.shaheer.net.sa>
    Secret xyz
</Client>

<Realm>
    RewriteUsername s/^([^@]+).*/$1/
    MaxSessions 1
    AuthByPolicy ContinueUntilAccept
    <AuthBy FILE>
        # The filename defaults to %D/users
    </AuthBy>
    <AuthBy FILE>
        Filename %D/StaffUsers
    </AuthBy>
    AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
    %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port} \
    %{Framed-IP-Address} %{Framed-Protocol}
    AcctLogFileName %L/logfile.%Y%m%d
</Realm>

<AuthBy SYSTEM>
    Identifier System
    UseGetspnam
</AuthBy>

Then in the file %D/StaffUsers you would have this:

# file %D/StaffUsers
DEFAULT Auth-Type = System, Group = staff
    Service-Type = Framed-User,
    Framed-Protocol = PPP

And in the file %D/users you would have this:

# file %D/users
DEFAULT Auth-Type = System, Group = special
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Vendor-Specific = cisco-avpair,
    cisco-avpair = "ip:addr-pool=test"

DEFAULT Auth-Type = System, Group = public
    Service-Type = Framed-User,
    Framed-Protocol = PPP

DEFAULT Auth-Type = System, Group = demo
    Service-Type = Framed-User,
    Framed-Protocol = PPP

Note that a PreHandlerHook is not required to provide Group checking.

hth

Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
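
The decision flow of the suggested configuration, as an added example that is not part of the original message and is not Radiator code: a simplified Python model of the two users files tried under ContinueUntilAccept, with the Group check item selecting the reply attributes. The account names, passwords and group memberships are constructed, MaxSessions is not modelled, and trying the DEFAULT entries in file order is an assumption.

```python
import hmac
import re

# Simplified model of the reply's configuration (assumption, not Radiator code):
# DEFAULT entries are tried in file order and the first whose checks pass wins.
PPP = {"Service-Type": "Framed-User", "Framed-Protocol": "PPP"}
USERS = [  # %D/users: (Group check item, reply items)
    ("special", {**PPP, "cisco-avpair": "ip:addr-pool=test"}),
    ("public", PPP),
    ("demo", PPP),
]
STAFF_USERS = [("staff", PPP)]  # %D/StaffUsers

# Constructed stand-ins for the Unix password and group databases.
PASSWORDS = {"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"}
GROUPS = {"alice": {"staff"}, "bob": {"special"}, "carol": {"wheel"}}


def system_check(user, password, group):
    """Stand-in for Auth-Type = System plus the Group check item."""
    known = PASSWORDS.get(user)
    if known is None or not hmac.compare_digest(known.encode(), password.encode()):
        return False
    return group in GROUPS.get(user, set())


def auth_by_file(entries, user, password):
    """Return the reply items of the first matching DEFAULT entry, or None."""
    for group, reply in entries:
        if system_check(user, password, group):
            return dict(reply)
    return None


def realm(user, password):
    """Model of <Realm>: RewriteUsername, then ContinueUntilAccept over both files."""
    user = re.sub(r"^([^@]+).*", r"\1", user)  # strip "@realm" as RewriteUsername does
    for entries in (USERS, STAFF_USERS):
        reply = auth_by_file(entries, user, password)
        if reply is not None:
            return "ACCEPT", reply
    return "REJECT", {}  # no group matched in either file


if __name__ == "__main__":
    for name, pw in [("bob@shaheer.net.sa", "pw-b"), ("alice", "pw-a"), ("carol", "pw-c")]:
        print(name, *realm(name, pw))
```

A user whose Unix group appears in neither file is rejected even with a correct password, which is the property the Group check items provide without any hook.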