Re: [vchkpw] OT: Radius server

2004-04-02 Thread Rick Widmer


Charles Sprickman wrote:

On Wed, 31 Mar 2004, Doug Clements wrote:


Radiator (open.com.au) rules. You can do virtually anything, including
custom SQL queries.


I know, I used to use it.  Best radius server ever.  But it costs $$ that
we don't have.
A good start to getting something else working would be if someone could
explain how the pw_gid values work and what the numbers represent;
gnu-radius has some rewrite rules that may allow me to somewhat alter (in
a sneaky and hackish way) my queries based on which NAS the request comes
from.  But so far I'm not finding any information on how to determine what
particular numeric values in the pw_gid field mean...


vpopmail.h  lines 86-100





Re: [vchkpw] OT: Radius server

2004-04-01 Thread Charles Sprickman
On Wed, 31 Mar 2004, Doug Clements wrote:

 Radiator (open.com.au) rules. You can do virtually anything, including
 custom SQL queries.

I know, I used to use it.  Best radius server ever.  But it costs $$ that
we don't have.

A good start to getting something else working would be if someone could
explain how the pw_gid values work and what the numbers represent;
gnu-radius has some rewrite rules that may allow me to somewhat alter (in
a sneaky and hackish way) my queries based on which NAS the request comes
from.  But so far I'm not finding any information on how to determine what
particular numeric values in the pw_gid field mean...

Thanks,

Charles

 --Doug

 - Original Message -
 From: Charles Sprickman [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, March 31, 2004 5:42 PM
 Subject: [vchkpw] OT: Radius server


  Hi all,
 
  This is somewhat OT, but I'm curious what people here are using for radius
  authentication against the vpopmail mysql db?  There are a number that
  support SQL auth, but the whole pw_gid thing in vpopmail is giving me
  some pains.  I wish to use the dialup y/n flags that end up in the pw_gid
  field, but I'm also looking to use the user defined flags to also denote
  if a given user should be able to auth via radius for news or roaming
  dialup.
 
  So far this doesn't look possible (or let's say easy).  FreeRadius,
  gnu-radius, openradius all lack the ability to alter the sql query based
  on which client NAS connects.
 
  How are other people solving this problem?  I'd love to keep the vpopmail
  db as the master reference for all radius-authenticated services.
 
  Also, does anyone have some info on what exactly the values in pw_gid are?
  It's numeric, and it varies is about all I can gather from poking around.
 
  Thanks,
 
  Charles
 




Re: [vchkpw] OT: Radius server

2004-04-01 Thread Rick Widmer


Charles Sprickman wrote:

On Wed, 31 Mar 2004, Doug Clements wrote:


Radiator (open.com.au) rules. You can do virtually anything, including
custom SQL queries.


I know, I used to use it.  Best radius server ever.  But it costs $$ that
we don't have.
A good start to getting something else working would be if someone could
explain how the pw_gid values work and what the numbers represent;
gnu-radius has some rewrite rules that may allow me to somewhat alter (in
a sneaky and hackish way) my queries based on which NAS the request comes
from.  But so far I'm not finding any information on how to determine what
particular numeric values in the pw_gid field mean...


vpopmail.h  lines 86-100





Re: [vchkpw] OT: Radius server

2004-04-01 Thread Ken Jones
On Wednesday 31 March 2004 07:42 pm, Charles Sprickman wrote:
 Hi all,
 Also, does anyone have some info on what exactly the values in pw_gid are?
 It's numeric, and it varies is about all I can gather from poking around.

I'll try to give a detailed listing.
#define NO_PASSWD_CHNG 0x01
If set, the code should not allow the password to be changed

#define NO_POP 0x02
If set, reject pop authentications

#define NO_WEBMAIL 0x04
If set, reject webmail authentications

#define NO_IMAP0x08
If set, reject imap authentications

#define BOUNCE_MAIL0x10
If set, bounce any incoming mail back to the sender

#define NO_RELAY   0x20
If set, do not allow the account to relay email.
This is useful for sites that want to have email accounts that
are only allowed to send email internally.

#define NO_DIALUP  0x40
If set, code should not allow dialup access. This was originally
added to support radius sites.

#define V_USER0   0x080
#define V_USER1   0x100
#define V_USER2   0x200
#define V_USER3   0x400
After adding the NO_DIALUP flag we relalized there may be other
flags people will want that are not directly used by any email code.

#define NO_SMTP   0x800
If set, do not allow smtp connections.

#define QA_ADMIN 0x1000
If set, the user is granted admin privilages in qmailadmin

#define V_OVERRIDE   0x2000
If set, the user is not subject to domain limits. Part of the
vlimit code.

#define NO_SPAMASSASSIN 0x4000
If set, (and --enable-spamassassin=y) do not process the
incoming mail through spamassassin. 

#define DELETE_SPAM  0x8000
with --enable-spamasssassin=y setting this flag
will delete all email above the users required_hits
preference.

Ken Jones



Re: [vchkpw] OT: Radius server

2004-04-01 Thread Rick Widmer
Would someone please make sure this information finds a home somewhere 
in the vpopmail distribution!

Thanks, Rick



Ken Jones wrote:

On Wednesday 31 March 2004 07:42 pm, Charles Sprickman wrote:

Hi all,
Also, does anyone have some info on what exactly the values in pw_gid are?
It's numeric, and it varies is about all I can gather from poking around.


I'll try to give a detailed listing.
#define NO_PASSWD_CHNG 0x01
If set, the code should not allow the password to be changed
#define NO_POP 0x02
If set, reject pop authentications
#define NO_WEBMAIL 0x04
If set, reject webmail authentications
#define NO_IMAP0x08
If set, reject imap authentications
#define BOUNCE_MAIL0x10
If set, bounce any incoming mail back to the sender
#define NO_RELAY   0x20
If set, do not allow the account to relay email.
This is useful for sites that want to have email accounts that
are only allowed to send email internally.
#define NO_DIALUP  0x40
If set, code should not allow dialup access. This was originally
added to support radius sites.
#define V_USER0   0x080
#define V_USER1   0x100
#define V_USER2   0x200
#define V_USER3   0x400
After adding the NO_DIALUP flag we relalized there may be other
flags people will want that are not directly used by any email code.
#define NO_SMTP   0x800
If set, do not allow smtp connections.
#define QA_ADMIN 0x1000
If set, the user is granted admin privilages in qmailadmin
#define V_OVERRIDE   0x2000
If set, the user is not subject to domain limits. Part of the
vlimit code.
#define NO_SPAMASSASSIN 0x4000
If set, (and --enable-spamassassin=y) do not process the
incoming mail through spamassassin. 

#define DELETE_SPAM  0x8000
with --enable-spamasssassin=y setting this flag
will delete all email above the users required_hits
preference.
Ken Jones






Re: [vchkpw] OT: Radius server

2004-03-31 Thread Doug Clements
Radiator (open.com.au) rules. You can do virtually anything, including
custom SQL queries.

--Doug

- Original Message - 
From: Charles Sprickman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 31, 2004 5:42 PM
Subject: [vchkpw] OT: Radius server


 Hi all,

 This is somewhat OT, but I'm curious what people here are using for radius
 authentication against the vpopmail mysql db?  There are a number that
 support SQL auth, but the whole pw_gid thing in vpopmail is giving me
 some pains.  I wish to use the dialup y/n flags that end up in the pw_gid
 field, but I'm also looking to use the user defined flags to also denote
 if a given user should be able to auth via radius for news or roaming
 dialup.

 So far this doesn't look possible (or let's say easy).  FreeRadius,
 gnu-radius, openradius all lack the ability to alter the sql query based
 on which client NAS connects.

 How are other people solving this problem?  I'd love to keep the vpopmail
 db as the master reference for all radius-authenticated services.

 Also, does anyone have some info on what exactly the values in pw_gid are?
 It's numeric, and it varies is about all I can gather from poking around.

 Thanks,

 Charles