On 11/30/2012 01:07 AM, Murat Bilal wrote:
> I do not understand. I want to edit those commands from Radmin Web Interface,
> not in /etc/radiator/radiator.cfg

Hello Murat,

please see below, I was describing doing this with Radmin. With Radmin you need to add each line as a reply attribute. The attribute name (such as OSC-Authorize-Group) is then configured as AuthorizeGroupAttr in <ServerTACACSPLUS>.

Thanks,
Heikki

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Heikki Vatiainen
> Sent: Thursday, 29 November 2012 14:58
> To: [email protected]
> Subject: Re: [RADIATOR] Radmin Web interface
>
> On 11/28/2012 11:16 PM, Murat Bilal wrote:
>
>> In <ServerTACACSPlus> clause I have rules for command auth such as below:
>> AuthorizeGroup DDAP6 permit service=shell cmd\* {priv-lvl=6}
>> AuthorizeGroup DDAP6 deny service=shell cmd=show cmd-arg=.*
>> AuthorizeGroup DDAP6 deny service=shell cmd=ping cmd-arg=.*
>> AuthorizeGroup DDAP6 permit .* {}
>
>> Is it possible to write these rules from Radmin Web interface? If so, in
>> which table? I am using the latest Radmin and Radiator version
>
> Hello Murat,
>
> yes, this is possible. Just add each line as e.g., OSC-Authorize-Group with
> Radmin. That is, the user should have four OSC-Authorize-Group reply
> attributes.
>
> Then configure your <ServerTACACSPLUS> with
> AuthorizeGroupAttr OSC-Authorize-Group
>
> When you authenticate, the Access-Accept should have:
> OSC-Authorize-Group = "permit service=shell cmd\* {priv-lvl=6}"
> OSC-Authorize-Group = "deny service=shell cmd=show cmd-arg=.*"
> OSC-Authorize-Group = "deny service=shell cmd=ping cmd-arg=.*"
> OSC-Authorize-Group = "permit .* {}"
> OSC-Group-Identifier = "group1"
>
> Here OSC-Group-Identifier is configured as GroupMemberAttr. This will set
> 'group1' as the authorization group for the user. During the authorization
> the OSC-Authorize-Group attribute values are processed first followed by
> group1 values as defined by AuthorizeGroup configuration options.
>
> Thanks,
> Heikki
>
>
> --
> Heikki Vatiainen <[email protected]>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS,
> PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full
> source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
>

-- 
Heikki Vatiainen <[email protected]>
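
A simplified model of the processing order described in the reply above, as an added example that is not part of the original thread and is not Radiator's own code. It assumes each pattern is a regular expression matched against the request argument in the same position, that the first matching rule decides, and that no match means deny; the `group1` rule is constructed, since the thread does not show that group's rules.

```python
import re

# Per-user rules: the OSC-Authorize-Group values from the Access-Accept in the thread.
USER_RULES = [
    r"permit service=shell cmd\* {priv-lvl=6}",
    r"deny service=shell cmd=show cmd-arg=.*",
    r"deny service=shell cmd=ping cmd-arg=.*",
    r"permit .* {}",
]
# Constructed rule for 'group1' (hypothetical, not from the thread).
GROUP1_RULES = [r"permit service=shell cmd=show cmd-arg=.* {}"]


def parse_rule(text):
    """Split 'action pattern ... {attr=val ...}' into (action, patterns, attrs)."""
    m = re.fullmatch(r"\s*(permit|deny)\s+(.*?)\s*(?:\{(.*)\})?\s*", text)
    if m is None:
        raise ValueError(f"unparseable rule: {text!r}")
    return m.group(1), m.group(2).split(), (m.group(3) or "").split()


def authorize(args, user_rules, group_rules):
    """Return (action, attrs, source) for the first rule that matches args."""
    # User attribute values are checked before the group's AuthorizeGroup rules.
    for source, rules in (("user", user_rules), ("group", group_rules)):
        for text in rules:
            action, patterns, attrs = parse_rule(text)
            # Assumption: pattern N is matched against request argument N,
            # and a rule with more patterns than arguments cannot match.
            if len(patterns) <= len(args) and all(
                re.search(p, a) for p, a in zip(patterns, args)
            ):
                return action, attrs, source
    return "deny", [], "default"  # assumption: nothing matched means deny


if __name__ == "__main__":
    requests = [
        ["service=shell", "cmd*"],                          # shell start
        ["service=shell", "cmd=show", "cmd-arg=version"],
        ["service=shell", "cmd=configure", "cmd-arg=terminal"],
    ]
    for req in requests:
        print(req, "->", authorize(req, USER_RULES, GROUP1_RULES))
```

Under this model the user's final `permit .* {}` matches every request, so the `group1` rules are only reached for a user whose own attribute values do not end in a catch-all.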
