On Tue, 16 Jan 2001, Hugh Irvine wrote:
> Hello Jean-Jaques -
...
> There will undoubtedly be some configuration items to set on the
> Foundry switches to send authentication requests to Radius.
Commands on the switch would look something like this:
radius-server host 10.1.2.3
radius-server key YourSecretKey
aaa authentication login default radius enable local
aaa authentication enable default radius enable local
The "radius enable local" arguments are a list of
authentication sources, in the order they should be
tried.
> We do not have a dictionary for Foundry, but the standard Radiator
> dictionary should allow you to at least get simple logins working.
# Foundry Vendor Attributes
VENDORATTR 1991 foundry-privilege-level 1 integer
VENDORATTR 1991 foundry-command-string 2 string
VENDORATTR 1991 foundry-command-exception-flag 3 integer
VALUE foundry-privilege-level Superuser 0
VALUE foundry-privilege-level PortConfig 4
VALUE foundry-privilege-level ReadOnly 5
VALUE foundry-command-exception-flag PermitList-DenyOthers 0
VALUE foundry-command-exception-flag DenyList-PermitOthers 1
The foundry-command-string value is set to a list of commands,
separated by semi-colons, and can include wildcards, e.g.
"show *;debug ip *;write term".
At the moment I just use AddToReply, e.g.:
AddToReply foundry-privilege-level=Superuser, \
foundry-command-string="*", \
foundry-command-exception-flag=PermitList-DenyOthers
Hope this helps. The Foundry docs aren't bad, and the Sept. 2000
configuration guide has radius info on pages 3-34 to 3-41.
Cheers,
Kevin Schmidt [EMAIL PROTECTED]
Campus Network Programmer (805) 893-7779
Engineering Computing Infrastructure (805) 893-8553 FAX
University of California, Santa Barbara
Santa Barbara, CA 93106
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
