Re: (RADIATOR) (Radiator) Setting up radius.cfg for Groups

Tue, 8 Jun 1999 15:38:13 -0700 

Hello Oliver.

Its very difficult to distinguish between Unix groups of users using Handlers
or Realm. Handler and realm only have the attributes of the incoming request to
work with. I think the right answer for you is to set up a users file that
authenticates through Unix, and uses check and reply items for each group.
Something like this:

<Realm DEFAULT>
        <AuthBy FILE>
                Filename xyzzy
        </AuthBy>
</Realm>

# This one is used by AuthType=System
<AuthBy UNIX>
        Identifier System
        Filename /etc/passwd
        GroupFilename /etc/group
</AuthBy>

And in the users file xyzzy:

# Limit of 5 sim-use to anyone in group1
DEFAULT AuthType=System,Group=group1,Simultaneous-Use=5

# Limit of 2 sim-use for anyone in group2
DEFAULT AuthType=System,Group=group2,Simultaneous-Use=2

etc....

Hope that helps.

Cheers.


On Jun 8, 10:59am, O Stockhammer wrote:
> Subject: (RADIATOR) (Radiator) Setting up radius.cfg for Groups
>
>
> Hello,
>       With the flexibility of radiator, I wanted to know if you
> suggested a method of implementing different session characteristics for
> different unix group members.  I know we have to use 'check items' but I
> am unsure of how to insert them in the cfg file.
>       For example,  we would like to use the 'maxsessions 1' for the
> 'nodup' unix group, while everyone else coming in should be set to
> 'maxsessions 5'.  I am hoping to implement this in the radius.cfg file
> using something like a <Handler> tag.  I am just unsure as to where this
> info should go in the the actual file.
>       I have attached part of my current (rudimentary) radius.cfg file.
> The way we are setup is to have all accounting go to mySQL and
> authentication first goes off of a UNIX master.passwd file and then to a
> users file.  Ipass will be a future consideration.
>       Thanks for your help.
>
> Oliver Stockhammer
> Systems
> Internet Channel
>
> [ Attachment (text/plain): "radius.cfg.partial" 6571 bytes
>   Character set: US-ASCII
>   Partial radius.cfg
>   Encoded with "base64" ]
>-- End of excerpt from O Stockhammer



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to