We currently have an installation running Radiator 3.15. We use Radiator for TACACS authentication with Safeword. We are moving to version 4.9. Our current radius.cfg, for the default realm, authenticates users with the AuthBy File:
<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    <AuthBy FILE>
        Filename %D/tacacsusers
    </AuthBy>
    ...
The file tacacsusers has entries like the following:
UserOne
    Tacacs-Group = ADMIN
UserTwo NAS-IP-Address = 111.111.111.111
    Tacacs-Group = ADMIN
UserThree NAS-IP-Address = 222.222.222.222
    Tacacs-Group = ADMIN
We then have about 300 additional AuthBy File statements. Each file is for
an individual device/IP at different locations. Users in these files have
different permissions as well. For example, READNOCONFIG or READONLY. This
has gotten to be a maintenance nightmare. Is there a better way to do this?
Also, we have a problem where a user's rights for one device will change if
that user authenticates to another device with a higher level. For example,
we see a user authenticating to a device at a read only level. That same
user will then authenticate to another device at an ADMIN level. That user's
rights to the first device will be for an ADMIN.
Derek Rider
Contractor
Systems Team
MHS Network Security Operations Center
SPAWAR Systems Center Atlantic (Code 5.8.2.5.0)
Phone: (843) 218-3710
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
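
Added example, not part of the original post and not Radiator code: a Python audit that parses users-file entries in the layout shown above and builds one user/device/group matrix across many files, listing entries that carry no NAS-IP-Address check item and users whose Tacacs-Group differs by device. It assumes an unindented line holds the user name plus check items and indented lines hold reply items; the file names, user names and addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample data in the layout the post shows; names, files and addresses are made up.
SAMPLE_FILES = {
    "tacacsusers": "UserOne\n\tTacacs-Group = ADMIN\n"
                   "UserTwo NAS-IP-Address = 192.0.2.10\n\tTacacs-Group = ADMIN\n",
    "site-a-users": "UserOne NAS-IP-Address = 192.0.2.20\n\tTacacs-Group = READNOCONFIG\n"
                    "UserTwo NAS-IP-Address = 192.0.2.20\n\tTacacs-Group = READONLY\n",
}
ATTR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')

def attrs(text):
    """Return {attribute: value} for every 'Name = value' pair in text."""
    return {k: v.strip('"') for k, v in ATTR.findall(text)}

def parse_users(text, source):
    """Assumed layout: unindented line = user name + check items, indented lines = reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if line[0].isspace():
            if entries:
                entries[-1]["reply"].update(attrs(line))
        else:
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
            entries.append({"user": parts[0], "check": attrs(rest), "reply": {}, "source": source})
    return entries

def audit(files):
    """Build user -> {device: group} and list the entries that deserve review."""
    matrix, findings = defaultdict(dict), []
    for source, text in files.items():
        for e in parse_users(text, source):
            device = e["check"].get("NAS-IP-Address", "*")  # "*" = entry has no device check item
            group = e["reply"].get("Tacacs-Group")
            matrix[e["user"]][device] = group
            if device == "*":
                findings.append(("no-device-check", e["user"], source, group))
    for user, per_device in matrix.items():
        if len(set(per_device.values())) > 1:
            findings.append(("mixed-levels", user, sorted(per_device.items())))
    return dict(matrix), findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FILES)[1]:
        print(finding)
```

To run it over real files, build the dictionary passed to audit() from the Filename paths in radius.cfg instead of SAMPLE_FILES.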
