Hello Mike -


Yes, this is quite simple to achieve.

<Handler Realm=MODEMS>
        RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
        <AuthBy GROUP>
                AuthByPolicy ContinueUntilReject

                <AuthBy FILE>
                        Filename %D/reject.users
                        AcceptIfMissing
                </AuthBy>

                <AuthBy PAM>
                        Fork
                        Service radiusd
                </AuthBy>

        </AuthBy>
        AuthLog Modem_Login_Failures
        AcctLogFileName %L/Modems.log
</Handler>


The file "%D/reject.users" would contain something like this:


# reject.users

username1 Auth-Type = Reject

username2 Auth-Type = Reject

.......


If you have any other questions, please contact me.


regards

Hugh


On Saturday, Sep 13, 2003, at 06:56 Australia/Melbourne, Forbes Mike wrote:



I have a request to block certain users access to our modem pool.


Users are first authenticated by kerb via PAM. What I would like to do is
have radius then check to see if they are listed in a file and reject them
only if they are listed. If they are not in the file they can logon.


I saw the username authtype example in the manual, is there a way to do
this in a file for a larger number?

Could you do the AuthByPolicy ContinueWhileReject and put this before my
authbypam below?


My handler is below.

Mike Forbes


<Handler Realm=MODEMS>
        RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
        <AuthBy GROUP>
                AuthByPolicy ContinueUntilReject
                <AuthBy PAM>
                        Fork
                        Service radiusd
                </AuthBy>
        </AuthBy>
        AuthLog Modem_Login_Failures
        AcctLogFileName %L/Modems.log
</Handler>


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

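Added example (not part of Hugh's reply or of Radiator itself): a small Python script that builds a reject.users file in the format shown above from a list of login names, for the larger lists Mike asks about. The function names, the username pattern and the file mode are assumptions of this example.

```python
import os
import re
import tempfile

# Conservative login-name pattern (an assumption; widen it to match your site).
VALID_NAME = re.compile(r"^[A-Za-z0-9._-]+$")
# DEFAULT, DEFAULT1, ... are fallback entries in a Radiator users file, so a
# DEFAULT line with Auth-Type = Reject would reject every user not listed.
DEFAULT_ENTRY = re.compile(r"^DEFAULT\d*$")

def build_reject_entries(names):
    """Return (lines, skipped): one 'user Auth-Type = Reject' line per valid name."""
    seen, lines, skipped = set(), [], []
    for raw in names:
        name = raw.strip()
        if not name or name.startswith("#"):
            continue                      # blank line or comment in the input list
        if not VALID_NAME.match(name) or DEFAULT_ENTRY.match(name):
            skipped.append(name)          # report it instead of writing a bad entry
            continue
        if name in seen:
            continue                      # duplicate, already listed
        seen.add(name)
        lines.append(f"{name} Auth-Type = Reject")
    return lines, skipped

def write_reject_file(path, names):
    """Write the list atomically so the server never reads a half-written file."""
    lines, skipped = build_reject_entries(names)
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".reject.")
    with os.fdopen(fd, "w") as out:
        out.write("# reject.users\n")
        out.write("".join(line + "\n" for line in lines))
    os.chmod(tmp, 0o640)                  # assumed mode: owner rw, group r
    os.replace(tmp, path)                 # atomic rename within one directory
    return lines, skipped

if __name__ == "__main__":
    # Constructed sample input, not real accounts.
    sample = ["username1", "username2", "username1", "DEFAULT", "bad name", ""]
    entries, skipped_names = build_reject_entries(sample)
    print("\n".join(entries))
    print("skipped:", skipped_names)
```

List the names in the form left by the handler's RewriteUsername, since the file lookup sees the rewritten username.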