Hello Peter -

You can also include an Identifier field in your ClientListSQL table

    select NASIDENTIFIER,SECRET,NULL,NULL, \
        NULL,NULL,NULL,NULL, \
        NULL,NULL,NULL,NULL, \
        NULL,NULL,IDENTIFIER from RADCLIENTLIST

and use a query like this which will add the Identifier that you specify to 
each Client clause.

Then the Handlers that you show below will work as you wish.

regards

Hugh


On Sat, 15 Dec 2001 05:15, Peter Palmreuther wrote:
> Hello List,
>
> I've got a problem. I have a list of many clients, each with a unique
> secret. But all of them should authenticate against the same
> SQL-database. I want to avoid any client other than those known to me being
> able to authenticate with my Radiator (v 2.19). Sadly I have only the
> IP addresses of those clients.
>
> If I insert them all in a DB-table and use a <ClientListSQL> statement
> like this:
>
> <ClientListSQL>
>        DBSource        dbi:mysql:<db>:<host>:<port>
>        DBUsername      <dbusername>
>        DBAuth          <dbpassword>
>        Identifier      Example
>        GetClientQuery  select NASIDENTIFIER,SECRET from RADCLIENTLIST
> </ClientListSQL>
>
> And use a <Handler> statement like this:
>
> <Handler Request-Type=Access-Request,Client-Identifier=Example>
>         MaxSessions 1
>         RejectHasReason
>         UsernameCharset a-zA-Z0-9\.-_@\#\%
>         RewriteUsername s/^([^@]+).*?/$1/
>         <AuthBy SQL>
>                 <some stuff that works>
>         </AuthBy>
> </Handler>
>
> plus a default Handler
>
> <Handler>
> </Handler>
>
> How do I get Radiator to set 'Client-Identifier' to 'Example' if the
> NAS-IP-Address is listed in the table 'RADCLIENTLIST'???
>
> I've tested it with the 'radpwtst' tool, even in GUI variant and
> inserted an entry in the table with 'NASIDENTIFIER=127.0.0.1' and
> correct secret. 'radpwtst' is connecting to the Radiator at localhost.
> The Request is rejected because it is handled by the default handler.
> I don't know the NAS-Identifier-String, only the IP-Addresses.
> Is it possible to have them all handled this way or do I need to
> insert dozens of
>
> <Client 'IP-Address-01'>
>         Secret whatever
> </Client>
> <Client 'IP-Address-02'>
>         Secret somethingotherthanfirst
> </Client>
>
> and a
> <Client DEFAULT>
>         Secret  youneverguessthis
> </Client>
>
> just to be sure _only_ these clients are able to auth?
> I mean, even the 'youneverguess' secret can be guessed and this way
> additional clients could auth ...
>
> There must be a simpler way, or am I wrong?
>
> Thx for answering in advance

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.