On 11/10/2012 05:21 PM, Murat Bilal wrote:

> I added a new user from RADMIN but it always uses the group2 defined in
> the <ServerTACACSPLUS> clause, although the user does not belong to any group.
> 
> My <ServerTACACSPLUS> includes two groups but the reply always comes from
> group2. I am very confused. Please help.

Try this:

1. Use OSC-AVPAIR as the group attribute in Radmin. That is, add the
users and then add OSC-AVPAIR for the users with desired group value
(group1, group2, ...) as the value.

2. Change GroupMemberAttr in ServerTACACSPLUS to OSC-AVPAIR

The default UserAttrQuery should then retrieve OSC-AVPAIR from the
Radmin DB and return it with the reply to ServerTACACSPLUS. The
ServerTACACSPLUS clause will then use the value of OSC-AVPAIR to do the
AuthorizeGroup matching.

Thanks,
Heikki


> <ServerTACACSPLUS>
>          AddToRequest OSC-Group-Identifier = group1
>          AddToRequest OSC-Group-Identifier = group2
>          AuthorizeGroup group1 permit service=shell cmd=\* {cisco-avpair="priv-lvl=15"}
>          GroupMemberAttr OSC-Group-Identifier
>          AuthorizeGroup group1 permit service=shell cmd=show cmd-args=.*
>          AuthorizeGroup group1 permit .*
> 
>          AuthorizeGroup group2 deny .*
> </ServerTACACSPLUS>
> 
> My sample radius.cfg is in the attachment.
> 
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
> 


-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
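
The two steps from the reply above, applied to the clause quoted in this thread. This is an added example, not configuration posted by either participant or shipped with Radiator. It assumes the two AddToRequest lines are dropped because the group now comes from each user's own OSC-AVPAIR value, and that the rest of radius.cfg (not shown in the thread) stays as it is.

```cfg
# Step 1 is done in Radmin, not in this file: each user gets an
# OSC-AVPAIR attribute whose value is the desired group name
# (group1 or group2 in this thread).

<ServerTACACSPLUS>
    # Step 2: take the group from the OSC-AVPAIR attribute that the
    # default UserAttrQuery returns from the Radmin DB with the reply.
    GroupMemberAttr OSC-AVPAIR

    # AuthorizeGroup rules as quoted in the thread, now selected by the
    # per-user OSC-AVPAIR value.
    AuthorizeGroup group1 permit service=shell cmd=\* {cisco-avpair="priv-lvl=15"}
    AuthorizeGroup group1 permit service=shell cmd=show cmd-args=.*
    AuthorizeGroup group1 permit .*

    AuthorizeGroup group2 deny .*
</ServerTACACSPLUS>
```

After the change, test with one user per group and confirm that the group1 user gets priv-lvl=15 while the group2 user is denied.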