Hello Tom -

On Wed, 24 Nov 1999, Tom Gwilt wrote:
> Hi,
> 
> The guy who did our radius stuff is not with us anymore, and they gave
> it to me. I don't know what to do.
> 
> We are running Radius on BSDI 4.0.1.
> 
> I need to do the following:
> 
> Check a file that contains names that are not allowed to authenticate.
> Check a different file that contains names that can login only between
> 8:00 am and 5:00 pm.
> Check the normal users file.
> 
> If a user is not allowed to authenticate, stop processing.
> 
> The radius.cfg file contains the following:
> 
> <Realm DEFAULT>
>         <AuthBy FILE>
>         # The filename defaults to %D/users
>         </AuthBy>
> 
>         # Log accounting to the detail file in LogDir
>         AcctLogFileName %L/detail
>         PasswordLogFileName %L/password.log
> </Realm>
> 
> <Realm dummyrealmforunix>
>         <AuthBy UNIX>
>                 Identifier System
>                 Filename /etc/master.passwd
>                 Match ^([^:]*):([^:]*)
>         </AuthBy>
>         #Log accounting to the detail file in %L
>         AcctLogFileName %L/detail
> </Realm>
> 
> Users file contains:
> 
> DEFAULT Auth-Type=System
>  Service-Type = Framed-User,
>  Framed-Protocol = PPP
> 
> How do I accomplish the task? Thanks in advance,

You will need to do something like this:

.....

<AuthBy UNIX>
        Identifier System
        Filename /etc/master.passwd
        Match ^([^:]*):([^:]*)
</AuthBy>

<Realm DEFAULT>
        AuthByPolicy ContinueWhileAccept

        <AuthBy FILE>
                AcceptIfMissing
                Filename %D/reject-users
        </AuthBy>

        <AuthBy FILE>
                AcceptIfMissing
                Filename %D/time-users
        </AuthBy>

        <AuthBy FILE>
                Filename %D/users
        </AuthBy>

        AcctLogFileName %L/detail
        PasswordLogFileName %L/password.log
</Realm>



# reject-users file contains:

username1       Auth-Type = Reject

username2       Auth-Type = Reject

....


# time-users file contains:

username1       Time = "Al0800-1700", Auth-Type = System
        Service-Type = Framed-User,
        Framed-Protocol = PPP

....


# users file contains:

DEFAULT Auth-Type=System
        Service-Type = Framed-User,
        Framed-Protocol = PPP


If you have any questions, don't hesitate to ask.

hth

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
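
The decision chain that the configuration in this reply sets up, sketched as a small Python model. This is an added example, not part of the original message and not Radiator code. The usernames, passwords, and the rule that a matched entry with a failed Time check is rejected are constructed assumptions, and only the single "Al0800-1700" Time form from the message is parsed.

```python
from datetime import datetime

ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed sample data mirroring the three files in the reply.
REJECT_USERS = {"baduser": {"Auth-Type": "Reject"}}
TIME_USERS = {"dayuser": {"Time": "Al0800-1700", "Auth-Type": "System"}}
USERS = {"DEFAULT": {"Auth-Type": "System"}}
# Stands in for the <AuthBy UNIX> lookup behind Auth-Type = System (constructed).
SYSTEM_PASSWORDS = {"baduser": "pw0", "dayuser": "pw1", "alice": "pw2"}

# (file, AcceptIfMissing) in the order the AuthBy clauses appear in the realm.
# The last file has no AcceptIfMissing, so the chain cannot end by accepting
# a user nobody actually authenticated.
CHAIN = [(REJECT_USERS, True), (TIME_USERS, True), (USERS, False)]


def time_ok(spec, now):
    """Check a Time item of the form 'AlHHMM-HHMM' (every day, one range)."""
    if not spec.startswith("Al"):
        raise ValueError("only the 'Al' day code is modelled here")
    start, end = spec[2:].split("-")
    return start <= now.strftime("%H%M") <= end


def auth_by_file(entries, accept_if_missing, user, password, now):
    """Model one <AuthBy FILE>: named entry first, then DEFAULT if present."""
    entry = entries.get(user) or entries.get("DEFAULT")
    if entry is None:
        return ACCEPT if accept_if_missing else REJECT
    if "Time" in entry and not time_ok(entry["Time"], now):
        return REJECT  # assumption: a failed check item rejects the request
    if entry["Auth-Type"] == "Reject":
        return REJECT
    # Auth-Type = System: defer to the system password database.
    return ACCEPT if SYSTEM_PASSWORDS.get(user) == password else REJECT


def authenticate(user, password, now):
    """AuthByPolicy ContinueWhileAccept: stop at the first non-accept."""
    result = REJECT
    for entries, accept_if_missing in CHAIN:
        result = auth_by_file(entries, accept_if_missing, user, password, now)
        if result != ACCEPT:
            break
    return result


if __name__ == "__main__":
    noon = datetime(1999, 11, 24, 12, 0)
    for name, pw in [("baduser", "pw0"), ("dayuser", "pw1"), ("alice", "pw2")]:
        print(name, authenticate(name, pw, noon))
```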
