Hi all,

I do not understand. I want to edit those commands from the Radmin Web Interface, 
not in /etc/radiator/radiator.cfg

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Heikki Vatiainen
Sent: Thursday, 29 November 2012 14:58
To: [email protected]
Subject: Re: [RADIATOR] Radmin Web interface

On 11/28/2012 11:16 PM, Murat Bilal wrote:

> In <ServerTACACSPlus> clause I have rules for command auth such as below:
>          AuthorizeGroup DDAP6  permit service=shell cmd\* {priv-lvl=6}
>          AuthorizeGroup DDAP6 deny service=shell cmd=show cmd-arg=.*
>          AuthorizeGroup DDAP6  deny service=shell cmd=ping cmd-arg=.*
>          AuthorizeGroup DDAP6 permit .* {}

> Is it possible to write these rules from the Radmin Web interface? If so, in 
> which table? I am using the latest Radmin and Radiator version.

Hello Murat,

yes, this is possible. Just add each line as e.g., OSC-Authorize-Group with 
Radmin. That is, the user should have four OSC-Authorize-Group reply attributes.

Then configure your <ServerTACACSPLUS> with
  AuthorizeGroupAttr OSC-Authorize-Group

When you authenticate, the Access-Accept should have:
        OSC-Authorize-Group = "permit service=shell cmd\* {priv-lvl=6}"
        OSC-Authorize-Group = "deny service=shell cmd=show cmd-arg=.*"
        OSC-Authorize-Group = "deny service=shell cmd=ping cmd-arg=.*"
        OSC-Authorize-Group = "permit .* {}"
        OSC-Group-Identifier = "group1"

Here OSC-Group-Identifier is configured as GroupMemberAttr. This will set 
'group1' as the authorization group for the user. During the authorization the 
OSC-Authorize-Group attribute values are processed first followed by group1 
values as defined by AuthorizeGroup configuration options.

Thanks,
Heikki


--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. 
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, 
TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, 
RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, 
Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
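
The evaluation order described in the reply above, modelled as an added example (not part of the thread and not Radiator code), for checking what a rule set decides before it goes into Radmin. It assumes the first matching rule decides, that each pattern is an unanchored regular expression that must match at least one request argument, and a hypothetical group1 rule set; the request argument lists are constructed.

```python
import re

# Per-user rules: the OSC-Authorize-Group values from the Access-Accept in the thread.
USER_RULES = [
    r"permit service=shell cmd\* {priv-lvl=6}",
    r"deny service=shell cmd=show cmd-arg=.*",
    r"deny service=shell cmd=ping cmd-arg=.*",
    r"permit .* {}",
]
# Hypothetical AuthorizeGroup rules for group1 (constructed, not from the thread).
GROUP_RULES = {"group1": [r"deny .*"]}

def parse_rule(text):
    """Split 'permit|deny pattern ... {attrs}' into (action, patterns, attrs)."""
    m = re.fullmatch(r"\s*(permit|deny)\s+(.*?)\s*(?:\{(.*)\})?\s*", text)
    if not m:
        raise ValueError(f"malformed rule: {text!r}")
    return m.group(1), m.group(2).split(), (m.group(3) or "").split()

def authorize(args, user_rules, group, group_rules):
    """Return (action, attrs, rule_text) for the first rule that matches.

    Per-user rules are tried before the group's rules, as the reply describes.
    """
    for text in list(user_rules) + group_rules.get(group, []):
        action, patterns, attrs = parse_rule(text)
        # Assumption: a rule matches when every pattern matches some argument.
        if all(any(re.search(p, a) for a in args) for p in patterns):
            return action, attrs, text
    # No rule matched; what the server does then is outside this model.
    return "no-match", [], None

# Constructed TACACS+ authorization requests (argument lists).
SHELL_START = ["service=shell", "cmd*"]
SHOW_VERSION = ["service=shell", "cmd=show", "cmd-arg=version", "cmd-arg=<cr>"]
CONFIGURE = ["service=shell", "cmd=configure", "cmd-arg=terminal", "cmd-arg=<cr>"]

if __name__ == "__main__":
    for name, req in [("shell", SHELL_START), ("show", SHOW_VERSION), ("conf", CONFIGURE)]:
        print(name, authorize(req, USER_RULES, "group1", GROUP_RULES))
    # Without per-user rules the group's own rules decide.
    print("group only", authorize(CONFIGURE, [], "group1", GROUP_RULES))
```

In this model the per-user `permit .* {}` catch-all means the group1 rules are never reached for that user, which is worth checking when the group is meant to act as a restrictive baseline.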