Re: (RADIATOR) beginners question
On May 7, 9:55am, Arnie Roberts wrote:
> Subject: RE: (RADIATOR) beginners question
> On Friday, May 07, 1999 3:08 PM, Mike McCauley [SMTP:[EMAIL PROTECTED]] wrote:
> > That should work, irrespective of whether they are in the dictionary or not. Probably you have your DefaultReply spread over several lines in the config file without using the line continuation character (ie the backslash \) ?. You should put the entire DefaultReply on one line, else use line continuations:
> >
> > DefaultReply attr1=val1,\
> >     attr2=val2,\
> >     etc
>
> Yes that is what I was doing wrong. It works now - thanks.

Great.

> > > Another beginners question - A user has two phones at home and I want to check his caller-id is one or the other. How do you logically or a string check item?
> >
> > In the users file:
> >
> > username Password=x,Calling-Station-Id=95980985
> >     reply item,
> >     reply item,
> >
> > (Of course this requires that your NAS is sending Calling-Station-Id in each request)
>
> Yes the NAS sends Calling-Station-Id but I don't understand your reply. Calling-Station-Id is a string attribute and not an integer and so I would have expected your users entry to have been
>
> username Password=x,Calling-Station-Id="95980985"

You only need the quotes if there are spaces in the string. It's pretty liberal.

> etc.
>
> If my users two phones are 9580985 and 1234567 then the Calling-Station-Id could be either of these and the check item needs to reflect this. I can guess from the example users file how to OR integers. There is no example of OR for string attributes however and despite trying many syntactical possibilities I haven't managed to get it

It doesn't really matter if it's a string or an integer, exact matches and regular expressions work the same. If you want to match 2 possibilities, you will need to do it like this:

username Password=x,Calling-Station-Id=/95980985|123456/

Since this is using a regular expression match, you _must_ have the slashes at each end.

Hope that helps.

Cheers.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) beginners question
On Friday, May 07, 1999 3:08 PM, Mike McCauley [SMTP:[EMAIL PROTECTED]] wrote:
> That should work, irrespective of whether they are in the dictionary or not. Probably you have your DefaultReply spread over several lines in the config file without using the line continuation character (ie the backslash \) ?. You should put the entire DefaultReply on one line, else use line continuations:
>
> DefaultReply attr1=val1,\
>     attr2=val2,\
>     etc

Yes that is what I was doing wrong. It works now - thanks.

> > Another beginners question - A user has two phones at home and I want to check his caller-id is one or the other. How do you logically or a string check item?
>
> In the users file:
>
> username Password=x,Calling-Station-Id=95980985
>     reply item,
>     reply item,
>
> (Of course this requires that your NAS is sending Calling-Station-Id in each request)

Yes the NAS sends Calling-Station-Id but I don't understand your reply. Calling-Station-Id is a string attribute and not an integer and so I would have expected your users entry to have been

username Password=x,Calling-Station-Id="95980985"
etc.

If my users two phones are 9580985 and 1234567 then the Calling-Station-Id could be either of these and the check item needs to reflect this. I can guess from the example users file how to OR integers. There is no example of OR for string attributes however and despite trying many syntactical possibilities I haven't managed to get it right.

Arnie
RE: (RADIATOR) beginners question
On Friday, 7 May 1999 10:56, Arnie Roberts wrote:
> If my users two phones are 9580985 and 1234567 then the Calling-Station-Id could be either of these and the check item needs to reflect this. I can guess from the example users file how to OR integers. There is no example of OR for string attributes however and despite trying many syntactical possibilities I haven't managed to get it right.
>
> Arnie

Perl script can help you here also, e.g.

Calling-Station-Id=/(9580985|1234567)/

Be sure to write down the complete phone numbers as provided by your telephone provider (see log file),

regards,
Dirk Jansen
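
The regular-expression check item from this thread, compared with anchored variants, as an added example that is not part of any poster's message or of Radiator itself. It assumes the check item is applied as an ordinary unanchored Perl match against the Calling-Station-Id value; the anchored patterns and all caller IDs below are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Patterns under comparison. The first is the form posted in the thread;
# the other two are additions made for this example.
my @patterns = (
    [ 'as posted'         => qr/(9580985|1234567)/ ],
    [ 'anchors, no group' => qr/^9580985|1234567$/ ],
    [ 'anchored group'    => qr/^(?:9580985|1234567)$/ ],
);

# Constructed Calling-Station-Id values, not taken from any real NAS log.
my @caller_ids = (
    '9580985',        # first home phone, exactly as listed
    '1234567',        # second home phone, exactly as listed
    '61395809850',    # longer number that merely contains 9580985
    '5551234567',     # different number that ends in 1234567
    '95809851111',    # different number that starts with 9580985
    '7654321',        # unrelated number
);

# Returns 1 if the check-item pattern accepts the caller ID, else 0.
sub matches {
    my ($re, $id) = @_;
    return $id =~ $re ? 1 : 0;
}

# Print an accept/reject table: one row per caller ID, one column per pattern.
printf "%-20s", 'Calling-Station-Id';
printf " %-18s", $_->[0] for @patterns;
print "\n";
for my $id (@caller_ids) {
    printf "%-20s", $id;
    printf " %-18s", (matches($_->[1], $id) ? 'accept' : 'reject') for @patterns;
    print "\n";
}
```

Without the group, `^` and `$` each bind to only one alternative, so the anchors must wrap the whole alternation. An anchored pattern only works if it lists the numbers in exactly the format the NAS sends, which is why the log file is the place to read them from.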
RE: (RADIATOR) beginners question
On Friday, April 30, 1999 3:42 PM, Mike McCauley [SMTP:[EMAIL PROTECTED]] wrote:
> Hi Arnie,
>
> > I would like to have a set of default reply items for most of my users (provided they authenticate OK) and a few exceptions who get reply items specific to them.
>
> There are a number of ways to do this, probably the best is: Use DefaultReply in your AuthBy clause. This will add reply items for people who do not have any reply items in your users file. So you can set up your "normal" users in the users file without any reply items, and DefaultReply will add reply items for them. Users who have specific reply items in the users file will get those reply items and not the ones in DefaultReply.

I tried this but Radiator complains about unrecognised keywords when it starts. The keywords it's complaining about are Vendor-specific codes I've entered into the dictionary. These work fine without the DefaultReply in the AuthBy clause. Is radius.cfg read before the dictionary at load time? Perhaps I need to try one of the other ways of doing this.

Another beginners question - A user has two phones at home and I want to check his caller-id is one or the other. How do you logically or a string check item?

thanks
Arnie
Re: (RADIATOR) beginners question
Hi Arnie,

On May 6, 6:05pm, Arnie Roberts wrote:
> Subject: RE: (RADIATOR) beginners question
> On Friday, April 30, 1999 3:42 PM, Mike McCauley [SMTP:[EMAIL PROTECTED]] wrote:
> > Hi Arnie,
> >
> > > I would like to have a set of default reply items for most of my users (provided they authenticate OK) and a few exceptions who get reply items specific to them.
> >
> > There are a number of ways to do this, probably the best is: Use DefaultReply in your AuthBy clause. This will add reply items for people who do not have any reply items in your users file. So you can set up your "normal" users in the users file without any reply items, and DefaultReply will add reply items for them. Users who have specific reply items in the users file will get those reply items and not the ones in DefaultReply.
>
> I tried this but Radiator complains about unrecognised keywords when it starts. The keywords it's complaining about are Vendor-specific codes I've entered into the dictionary. These work fine without the DefaultReply in the AuthBy clause. Is radius.cfg read before the dictionary at load time? Perhaps I need to try one of the other ways of doing this.

That should work, irrespective of whether they are in the dictionary or not. Probably you have your DefaultReply spread over several lines in the config file without using the line continuation character (ie the backslash \) ?. You should put the entire DefaultReply on one line, else use line continuations:

DefaultReply attr1=val1,\
    attr2=val2,\
    etc

> Another beginners question - A user has two phones at home and I want to check his caller-id is one or the other. How do you logically or a string check item?

In the users file:

username Password=x,Calling-Station-Id=95980985
    reply item,
    reply item,

(Of course this requires that your NAS is sending Calling-Station-Id in each request)

Hope that helps.

Cheers.

--
Mike McCauley [EMAIL PROTECTED]
Re: (RADIATOR) beginners question
Hi Arnie,

On Apr 30, 11:28am, Arnie Roberts wrote:
> Subject: RE: (RADIATOR) beginners question
> On Friday, April 30, 1999 3:42 PM, Mike McCauley [SMTP:[EMAIL PROTECTED]] wrote:
> > There are a number of ways to do this, probably the best is: Use DefaultReply in your AuthBy clause. This will add reply items for people who do not have any reply items in your users file. So you can set up your "normal" users in the users file without any reply items, and DefaultReply will add reply items for them. Users who have specific reply items in the users file will get those reply items and not the ones in DefaultReply.
>
> Ah I see. It would be really nice if the special character replacement thing we spoke about before worked -

Well, it does work, it's just that User-Name is not usually available in the reply in order to do the replacement. There is a way you could do this:

1. In a PreHandlerHook, copy User-Name from the incoming packet to the reply packet
2. Put something like Reply-Message="Hello %n" in your add-to-reply
3. In PostAuthHook, remove the User-Name attribute from the reply packet.

It's a bit ugly, but it's a workaround that will work.

Cheers.

--
Mike McCauley [EMAIL PROTECTED]
Re: (RADIATOR) beginners question
Hi Arnie,

Arnie Roberts wrote:
> Hi,
>
> I would like to have a set of default reply items for most of my users (provided they authenticate OK) and a few exceptions who get reply items specific to them. What differentiates the default users from the 'specials' is their usernames and passwords and nothing else - i.e. they all authenticate via the same NAS, and it will always supply the same attributes in the request (except the username and password).
>
> The example user file says
>
> # DEFAULT users will be checked in the order they appear in this
> # file. They
> # will be checked in order until one is found that matches and
> # which does not contain Fall-Through
>
> and also has entries like this -
>
> DEFAULT Service-Type = Administrative-User, Auth-Type = System
>     Idle-Timeout = 2000,
>
> But what is a DEFAULT user?

A DEFAULT user is a user without a special Username entry.

> Is the Service-Type attribute here a request item which is checked?

Yes, of course, all items in the first line of an entry are check-items, all following lines are reply items.

Do this in the following way:

special-one Password = mysecret-one
    special-one-reply-item-1 = 1,
    special-one-reply-item-2 = 2,
    special-one-reply-item-3 = 3,
    special-one-reply-item-4 = 4

special-two Password = mysecret-two
    special-two-reply-item-1 = 1,
    special-two-reply-item-2 = 2,
    special-two-reply-item-3 = 3

DEFAULT Auth-Type = System
    default-reply-item-1 =1,
    default-reply-item-2 =2,
    default-reply-item-3 =3,
    default-reply-item-4 =4,
    default-reply-item-5 =5

This means users with the names special-one and special-two are handled differently from all other users. And because you perhaps have a lot of other users, you will not list all usernames and passwords in the users file, you use the System passwd files.

That's the trick with the DEFAULT.

regards
Charly