Yes, you are right, PreHandlerHook is not required here for Group checking,
but I want to have different MaxSessions values for different groups. Due to
some reasons I can't use SNMP with my NAS (i.e. Cisco 7507). Is there a way to
have different MaxSessions values for different user groups, without using
any external program (finger, snmpget or snmpwalk etc.)?


Thanks

Khurram
Hugh Irvine wrote:

> Hello Khurram -
>
> On Mon, 17 Apr 2000, Khurram Shahzad wrote:
> >
> > Hi Hugh,
> >
> > I am using Radiator 2.15 ( all patches applied) on Sun Ultra-1 with Solaris 2.6.
> > My NAS is Cisco 7507 with IOS 12.03(T3).
> > All the required files are pasted below.
> >
> > My Configuration File
> > -------------------------- radius.conf ---------------------------
> > # Shaheer Dialup Accounts
> > Foreground
> > LogStdout
> > Trace 4
> > AuthPort 1812
> > AcctPort 1813
> >
> > LogDir          /usr/local/etc/raddb
> > DbDir           /usr/local/etc/raddb
> >
> > LogFile %L/logfile.%Y%m%d
> >
> > <Client c1.shaheer.net.sa>
> >         Secret xxx
> > </Client>
> > <Client c2.shaheer.net.sa>
> >         PreHandlerHook sub { my $p = ${$_[0]}; \
> >                 my $username = $p->get_attr('User-Name'); \
> >                 my ($name,$passwd,$uid,$gid,$quota,$comments,$gcos,$dir,$shell) = getpwnam($username); \
> >                 if ($gid == "10") { \
> >                 $p->add_attr('Group-Name', 'staff'); } \
> >                 }
> >         Secret yyy
> > </Client>
> > <Client c3.shaheer.net.sa>
> >         Secret zzz
> > </Client>
> > <Client c4.shaheer.net.sa>
> >         Secret xyz
> > </Client>
> >
> > <Handler Group=staff>
> > <AuthBy FILE>
> >                 Filename %D/StaffUsers
> > </AuthBy>
> > </Handler>
> > <Realm>
> > #RewriteUsername s/^([^@]+).*/$1/
> > #MaxSessions 1
> > #<AuthBy GROUP>
> > #       AuthByPolicy ContinueUntilAccept
> >         <AuthBy FILE>
> >                 # The filename defaults to %D/users
> >         </AuthBy>
> > #       <AuthBy FILE>
> > #               Filename %D/StaffUsers
> > #        </AuthBy>
> > #</AuthBy>
> > AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
> > %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port} \
> > %{Framed-IP-Address} %{Framed-Protocol}
> > AcctLogFileName %L/logfile.%Y%m%d
> > </Realm>
> > <AuthBy SYSTEM>
> > Identifier      System
> > UseGetspnam
> > </AuthBy>
>
> Thank you for sending the configuration file and trace output - it makes it
> much easier to help you. It might also be helpful if you could explain what
> your requirements are and what the configuration file should be doing.
>
> There are several things that will cause you problems in your configuration
> file, so I think I will make some suggestions in an example below:
>
> # configuration for shaheer.net.sa
> # Shaheer Dialup Accounts
>
> Foreground
> LogStdout
> Trace 4
> AuthPort 1812
> AcctPort 1813
>
> LogDir          /usr/local/etc/raddb
> DbDir           /usr/local/etc/raddb
>
> LogFile %L/logfile.%Y%m%d
>
> <Client c1.shaheer.net.sa>
>         Secret xxx
> </Client>
>
> <Client c2.shaheer.net.sa>
>         Secret yyy
> </Client>
>
> <Client c3.shaheer.net.sa>
>         Secret zzz
> </Client>
>
> <Client c4.shaheer.net.sa>
>         Secret xyz
> </Client>
>
> <Realm>
>         RewriteUsername s/^([^@]+).*/$1/
>         MaxSessions 1
>         AuthByPolicy ContinueUntilAccept
>         <AuthBy FILE>
>                 # The filename defaults to %D/users
>         </AuthBy>
>         <AuthBy FILE>
>                 Filename %D/StaffUsers
>         </AuthBy>
>
> AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
> %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port} \
> %{Framed-IP-Address} %{Framed-Protocol}
> AcctLogFileName %L/logfile.%Y%m%d
> </Realm>
>
> <AuthBy SYSTEM>
>         Identifier      System
>         UseGetspnam
> </AuthBy>
>
> Then in the file %D/StaffUsers you would have this:
>
> # file %D/StaffUsers
>
> DEFAULT         Auth-Type = System, Group = staff
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP
>
> And in the file %D/users you would have this:
>
> # file %D/users
>
> DEFAULT         Auth-Type = System, Group = special
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Vendor-Specific = cisco-avpair,
>         cisco-avpair = "ip:addr-pool=test"
>
> DEFAULT         Auth-Type = System, Group = public
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP
>
> DEFAULT         Auth-Type = System, Group = demo
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP
>
> Note that a PreHandlerHook is not required to provide Group checking.
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

--
----------------------------------------------------------------------
*  Khurram Shahzad                      System Administrator
*  Shaheer Technics Inc.                4th Floor, Office No. 414
*  Olaya Street - P.O. Box 67073        Riyadh 11596, Saudi Arabia
*
*  Phone:- 9661-460-1409 (Ext. 107)     Fax: 9661-460-1911
*  E mailto:[EMAIL PROTECTED]       Web: http://www.shaheer.net.sa
----------------------------------------------------------------------


